I want to calculate the time difference between the time from sending the packet, to getting its ACK back. I do not see any timestamp related information in the packet, could anyone give me any pointers as to how I can compute the difference.
time difference between two packets in wireshark
- Apply a filter, so that you only see the frames you are interested in
- Right click on column title bar and choose "Column Preferences..."
- Click on "Add" (give the column a reasonable name)
- Change field type to "Custom"
- Type "frame.time_delta_displayed" in "Field name" without "
In Wireshark Preferences / Appearance / Columns you can add a new column of type Delta time. With this new column and wise capture filtering you should be able to do what you want.
You have to put a filter selecting the SYN packet and the ACK packet and filtering this by IP or traffic. For example, if SYN is sent n. 85 and SYN ACK is receive in n. 86 (or ACK sent in n. 87)
(ip.addr == 192.168.1.1) && ((frame.number == 85) || (frame.number == 86))
When You have the traffic filtered go to Statistics -> Summary and see the time Between first and last packet in the displayed column of the table.
My use case was similar to this one. Here's how I did it, am using Wireshark 3.0.5.
Choose the two packets that you are interested on by filtering the frame number. In my case, these two are WLAN packets (first frame being the authentication packet and another is the data packet). Filter used would be:
((frame.number == 99) || (frame.number == 124))
Then, go to View > Time Display Format > Seconds Since Previous Displayed Packet.
Within the time column you'll observe time taken between those two packets.
© 2022 - 2024 — McMap. All rights reserved.