Wireshark-dev: Re: [Wireshark-dev] Add plugin timing statistics
Date Prev · Date Next · Thread Prev · Thread Next
From: Dario Lombardo <lomato@xxxxxxxxx>
Date: Mon, 31 Aug 2020 17:30:19 +0200
You could start by reading stats_tree documentation that tells you how handle statistic using the stats_tree subsystem (based on tap, but more evolved), by reading packet_info structure that stores info about lower layer protocols, and by reading the DNS dissector (above others), that creates stats that sound like the ones you need.

On Mon, Aug 31, 2020 at 5:21 PM <jayrturner99@xxxxxxxxx> wrote:

I would like advice on adding timing statistics to a Wireshark plugin. I have implemented a plugin for my company’s proprietary protocol, which sits on top of TCP/IP. I have added tap statistics to count various interesting pieces of data. I would now like to calculate the time it takes for the server to process commands.

 

Looking at a general flow in my protocol, a command is sent (PSH, ACK) and an ACK occurs. Then later a (PSH, ACK) and an ACK occur for the response.

If I take the response (PSH, ACK) timestamp and subtract the command ACK timestamp, I think this would be the best “how long did the server take to process” time.

Do you have an idea of any better timing data I should consider?

 

With a dissector, I can look at my protocol. How would I look at my packet’s TCP/IP protocol and get the timestamp?

 

Then I would need to associate my command’s timestamp with a response timestamp. How might I do this? Using a tap? If so, how might I do this? I know that my activity flow is - command (PSH, ACK), command ACK, response (PSH, ACK), response ACK - so I know that if I’m in a command packet that the response timestamp I need is two packets ahead, sequentially, in its conversation. Are there calls to peek ahead?

 

So, if you have suggestions on places within the documentation or code that I can study, please let me know.

 

Thank you,

Jay Turner

 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


--
Naima is online.