Wireshark/tshark: calculating Windows 10 desktop uptime

asked 2020-04-03 17:19:59 +0000

alohawireshark gravatar image

updated 2020-04-03 17:20:22 +0000

I'm interesting in tracking/calculating the uptime of a Windows 10 desktop computer using TCP packet header information. I read about using the TSecr field. However, both tcp.options.timestamp.tsval and tcp.options.timestamp.tsecr return blank information.

1.Is it possible to calculate machine uptime using other fields?

I've read that Windows is using "TCP Receive Window Auto-Tuning" instead of TCP timestamps to achieve the same performance objectives that timestamps were once used for.

2.Can I use features related to "TCP Receive Window Auto-Tuning" to calculate machine uptime? What fields would those be?

edit retag flag offensive close merge delete