Ask Your Question
0

Measuring latency using timestamps.

asked 2022-10-14 14:38:36 +0000

nifty gravatar image

updated 2022-10-14 23:53:54 +0000

Guy Harris gravatar image

I want to measure the latency of packets from client to server rather then the RTT. SO I send some tcp packet to server and running Wireshark at both the client and server. My thinking was that I can easily measure latency using timestamps but the Wireshark at the server side also shows the timestamp zero when the packet arrives at the server. I want it to be the same as in client( at client side the timestamp is zero make sense, but at the server side it should be time it take to travel from client to server). How can I solve that problem, if not what would be the other ways to find the latency. Thank you

edit retag flag offensive close merge delete

Comments

What do you mean when you say that the timestamp is zero?

Time stamps in packet capture files are usually absolute times; in both pcap and pcapng capture files, which are native formats for Wireshark, they represent units of time since January 1, 1970, 00:00:00 UTC, so a numerically-zero pcap or pcapng timestamp means the packet was sent or received back in 1970.

Guy Harris gravatar imageGuy Harris ( 2022-10-14 16:54:07 +0000 )edit

Thanks for the response. The first SYN packet contain timestamp zero as shown below at both the client and server,

[Timestamps]
    [Time since first frame in this TCP stream: 0.000000000 seconds]
    [Time since previous frame in this TCP stream: 0.000000000 seconds]

Exactly, I want timestamps value in UTC so that I can measure the latency of packet by subtracting the timestamps of packet at client and server side ( I am running Wireshark at both machines and also synchronize both with the common NTP server).

nifty gravatar imagenifty ( 2022-10-14 17:13:53 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-10-14 22:50:21 +0000

Guy Harris gravatar image

The first SYN packet contain timestamp zero

That's because you're looking at the "time since first frame" and "time since previous frame" values. Those are NOT the time stamp of the packet in the capture, those are:

  • the difference between the time stamp in the capture for the packet you're looking at and the time stamp in the capture for the first packet in the TCP stream, as indicated by "Time since first frame in this TCP stream";
  • the difference between the time stamp in the capture for the packet you're looking at and the time stamp in the capture for the previous packet in the TCP stream, if there is one, as indicated by "Time since previous frame in this TCP stream".

As this is the first SYN packet, it is the first packet in the TCP stream, so the first difference is guaranteed to be zero, and it has no previous packet, so the second difference is reported as zero.

I want timestamps value in UTC

Then what you want to do is:

  1. from the View" menu, select the "Time Display Format" submenu and, in that submenu, select "UTC Date and Time Of Day (1970-01-01 01:02:03.123456)";
  2. look at the "Arrival Time" entry under the "Frame N" item at the top of the packet detail display, rather than anything in the TCP information.
edit flag offensive delete link more

Comments

Thank you for the guidance, some further question related to it.

  1. The Arrival time shows the time and date which is fine, but is the Epoch value is the same date and time but in the seconds from 1970 UTC? Can I use Epoch value as a time?

    Arrival Time: Oct 15, 2022 11:18:03.993296000 W. Europe Summer Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1665825483.993296000 seconds

  2. Is my way of measuring latency is fine by using these Epoch values and subtract the Epoch value the time packet transmit from client to the Epoch value the time it arrived at server?

nifty gravatar imagenifty ( 2022-10-15 09:24:57 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2022-10-14 14:38:36 +0000

Seen: 5,028 times

Last updated: Oct 14 '22

Related questions

I'd like to extract the timestamp from the wireless LAN management frame

What is the syntax for wireshark custom column

how to measure network and server latency

What is wrong with my internets?!

Need to analyze TCP congestion and latency related issues

Performance issue with SQL based application, suspect client side connectivity.

why is my NTP client timestamp wrong?

NTP timestamp display

How to get average rtt out of tcp conversation or import rtt values to the excel?

timestamp diameter after decode as