Thanks, Sake, this is what I have been looking for....
Roger
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Thursday, March 12, 2009 6:30 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] tcp.analysis.ack_rtt
On Thu, Mar 12, 2009 at 01:46:03PM -0500, Wynns, Roger [OXFORD] wrote:
> I have a question about how tcp.analysis.ack_rtt is calculated... In the
> documentation (Wikipedia.org) RTT is calculated from the three-way
> handshake but it appears that in Wireshark it is also calculated for each
> ACK. So my question is: how is it calculated, and is it possible to just
> get the RTT numbers for just the three-way handshake?
Yes, it is calculated for each ACK, but there was some discussion
recently on which packets should contain this field...
> What I am trying to get is the RTT for each port connection that the
> client makes to use as baseline data.
Something like:
    tshark -r <file> -R "tcp.flags.syn==1 && tcp.flags.ack==1" -T fields -e tcp.analysis.ack_rtt
will get you a list of the RTT of each SYN/ACK, you might want to add
server IP and port:
    tshark -r traces/sharkfest-1.cap -R "tcp.flags.syn==1 && tcp.flags.ack==1" -T fields -e ip.src -e tcp.srcport -e tcp.analysis.ack_rtt
Hope this helps,
Cheers,
Sake
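
Added example, not part of the original messages: a shell function that turns the tab-separated `ip.src`, `tcp.srcport`, `tcp.analysis.ack_rtt` output of the second command above into a per-server baseline (count, min, average, max). The names `rtt_baseline` and `sample_input` and the sample addresses and values are constructed for illustration.

```shell
#!/bin/sh
# Summarise SYN/ACK round-trip times per server endpoint.
# Input (stdin): one line per SYN/ACK, tab-separated:
#   ip.src <TAB> tcp.srcport <TAB> tcp.analysis.ack_rtt
# Output: endpoint <TAB> count <TAB> min <TAB> avg <TAB> max (seconds)

rtt_baseline() {
    awk -F '\t' '
        # A SYN/ACK whose SYN is missing from the capture has no ack_rtt,
        # so the third field is empty; count and skip those lines.
        $3 !~ /^[0-9]+(\.[0-9]+)?$/ { skipped++; next }
        {
            key = $1 ":" $2
            rtt = $3 + 0
            if (!(key in n)) { min[key] = rtt; max[key] = rtt }
            if (rtt < min[key]) min[key] = rtt
            if (rtt > max[key]) max[key] = rtt
            sum[key] += rtt
            n[key]++
        }
        END {
            for (key in n)
                printf "%s\t%d\t%.6f\t%.6f\t%.6f\n",
                       key, n[key], min[key], sum[key] / n[key], max[key]
            if (skipped)
                printf "skipped %d line(s) without an RTT\n", skipped > "/dev/stderr"
        }
    ' | LC_ALL=C sort
}

# Constructed sample input (not taken from a real capture).
sample_input() {
    printf '192.0.2.10\t80\t0.020000\n'
    printf '192.0.2.10\t80\t0.040000\n'
    printf '192.0.2.10\t443\t0.015000\n'
    printf '198.51.100.7\t25\t\n'
    printf '198.51.100.7\t25\t0.120000\n'
}

sample_input | rtt_baseline
```

To use it on a capture, pipe the output of the second tshark command into `rtt_baseline` in place of `sample_input`. Current tshark releases take a single-pass display filter with `-Y`, where the 2009 message uses `-R`.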