On Aug 31, 2020, at 8:20 AM, jayrturne...@gmail.com wrote:

> I would like advice on adding timing statistics to a Wireshark plugin. I have 
> implemented a plugin for my company’s proprietary protocol, which sits on top 
> of TCP/IP. I have added tap statistics to count various interesting pieces of 
> data. I would now like to calculate the time it takes for the server to 
> process commands.
>  
> Looking at a general flow in my protocol, a command is sent (PSH, ACK) and an 
> ACK occurs. Then later a (PSH, ACK) and an ACK occur for the response.
> If I take the response (PSH, ACK) timestamp and subtract the command ACK 
> timestamp, I think this would be the best “how long did the server take to 
> process” time.

The *best* way would be to

        1) capture on the server;

        2) get the time stamp of the *last* TCP segment of the request and
           the time stamp of the *first* TCP segment of the reply;

        3) subtract them.

That removes whatever network transit time you'd get if you use a capture done 
on the client.

Note, of course, that what you're measuring there would be the amount of time 
between the time when the networking stack (including the capture mechanism) on 
the server time-stamped the incoming last TCP segment of the request and the 
time when the networking stack on the server time-stamped the outgoing first 
TCP segment of the reply, which counts some, but not all, server processing 
time.

Second best would be to capture on the same network as the one the server's on; 
that reduces the network transit time, although it's still there.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
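
The three steps from the reply above, as an added example that is not part of the original message and does not use any Wireshark API. The `segment` record, `server_times` and the `sample` capture are hypothetical names constructed for illustration; the code assumes one connection, a capture taken on the server, and strict request/reply turns (no pipelined commands). It goes slightly beyond the message by also skipping bare ACKs and retransmitted segments so they cannot move the "last request" time stamp.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed record (not a Wireshark structure): one TCP segment of one connection. */
typedef struct {
    int64_t  ts_us;       /* server-side capture time stamp, microseconds */
    int      from_client; /* 1 = client to server, 0 = server to client */
    uint32_t seq, len;    /* sequence number; payload bytes (0 = bare ACK) */
} segment;

/* Fills out[] with (first reply - last request) deltas; assumes strict request/reply turns. */
size_t server_times(const segment *s, size_t n, int64_t *out, size_t max) {
    uint32_t next_seq[2] = {0, 0};  /* end of newest data seen, per direction */
    int seen[2] = {0, 0}, have_req = 0;
    int64_t last_req = 0;
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        int d = s[i].from_client ? 1 : 0;
        uint32_t end = s[i].seq + s[i].len;
        if (s[i].len == 0)
            continue;               /* bare ACK: no command or reply bytes */
        if (seen[d] && (int32_t)(end - next_seq[d]) <= 0)
            continue;               /* retransmission: nothing new (wrap-safe compare) */
        next_seq[d] = end;
        seen[d] = 1;
        if (d) {                    /* request data: remember the latest stamp */
            last_req = s[i].ts_us;
            have_req = 1;
        } else if (have_req) {      /* first reply segment for this request */
            if (count < max)
                out[count++] = s[i].ts_us - last_req;
            have_req = 0;
        }
    }
    return count;
}

/* Constructed sample: 2-segment command, bare ACK, retransmission, 2-segment reply, second exchange. */
static const segment sample[] = {
    {1000, 1, 100, 50}, {1200, 1, 150, 30}, {1250, 0, 500, 0}, {1900, 1, 150, 30},
    {5200, 0, 500, 40}, {5300, 0, 540, 20}, {9000, 1, 180, 10}, {9700, 0, 560, 8},
};

int main(void) {
    int64_t d[4];
    size_t n = server_times(sample, sizeof sample / sizeof *sample, d, 4);
    for (size_t i = 0; i < n; i++)
        printf("exchange %zu: %lld us\n", i + 1, (long long)d[i]);
    return 0;
}
```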
