Wireshark: Measuring RTT

From OnnoWiki

Wireshark or tshark can give you the TCP RTT for each received ACK packet using tcp.analysis.ack_rtt, which measures the time delta between capturing a TCP packet and capturing the ACK for that packet.

You need to be careful with this as most of your ACK packets will be from your office machines ACKing packets received from the internet, so you will be measuring the RTT between your router seeing the packet from the internet and seeing the ACK from your office machine.

To measure your internet RTT you need to look for ACKs from the internet (ACKing data sent from your network). Assuming your office machines have IP addresses like 192.168.1.x and you have logged all the data on the LAN port of your router, you could use a display filter like so:

tcp.analysis.ack_rtt and ip.dst==192.168.1.255/24

To dump the RTTs into a .csv for analysis you could use a tshark command like so:

tshark -r router.pcap -Y "tcp.analysis.ack_rtt and ip.dst==192.168.1.255/24" -e tcp.analysis.ack_rtt -T fields -E separator=, -E quote=d > rtt.csv

   The -r option tells tshark to read from your .pcap file
   The -Y option specifies the display filter to use (older tshark releases used -R for this; current releases accept -R only together with -2)
   The -e option specifies the field to output
   The -T and -E options specify the output formatting

You can use the mergecap utility to merge all your pcap files into one file before running this command. Turning this output into a histogram should be easy!
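One way to turn rtt.csv into a histogram, as an added example that is not part of the original page. It assumes the file holds one double-quoted tcp.analysis.ack_rtt value in seconds per line, as the tshark command above writes it; the function names, the 10 ms bin width and the sample values are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample of rtt.csv: one quoted RTT in seconds per line,
# including an empty field such as a damaged row might leave behind.
SAMPLE_CSV = '''"0.012345000"
"0.013100000"
"0.048200000"
""
"0.051900000"
"0.012900000"
"0.250400000"
'''

def load_rtts_ms(fileobj):
    """Return RTTs in milliseconds, skipping blank or non-numeric rows."""
    rtts = []
    for row in csv.reader(fileobj):
        if not row or not row[0].strip():
            continue
        try:
            rtts.append(float(row[0]) * 1000.0)
        except ValueError:
            continue  # e.g. a header line or a damaged row
    return rtts

def histogram(rtts_ms, bin_ms=10):
    """Count RTTs per fixed-width bin, keyed by the bin's lower edge in ms."""
    counts = Counter(int(r // bin_ms) * bin_ms for r in rtts_ms)
    return dict(sorted(counts.items()))

def render(hist, bin_ms=10, width=40):
    """Draw a text histogram scaled so the fullest bin is `width` characters."""
    peak = max(hist.values(), default=0)
    lines = []
    for lo, n in hist.items():
        bar = "#" * max(1, round(n * width / peak))
        lines.append(f"{lo:>5}-{lo + bin_ms:<5} ms {n:>6} {bar}")
    return "\n".join(lines)

if __name__ == "__main__":
    import sys
    # Pass rtt.csv as the first argument; otherwise use the constructed sample.
    src = open(sys.argv[1], newline="") if len(sys.argv) > 1 else io.StringIO(SAMPLE_CSV)
    with src:
        print(render(histogram(load_rtts_ms(src))))
```

Bins far from the main cluster (the 250 ms entry in the sample) are the ones to trace back to individual packets in Wireshark.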


