Hello, I would like to export the data from the RTT plot for a given TCP stream. Currently I can see the temporal view of the RTT, but would like to get into specific timestamps and average RTT values. Is there a way to export the RTT data into a CSV or so, for further processing? I have searched around and could not find anything relevant. Appreciate any inputs.
SMP - Simple Matter of Programming (tm)
Might be slow with multiple passes of tshark but could be done with a script that grabs maximum tcp.stream number then loops through all of them.
$ tshark -r 'The Ultimate PCAP v20210721.pcapng' -T fields -e tcp.stream | sort -n | uniq| tail -1 289 $ tshark -r 'The Ultimate PCAP v20210721.pcapng' -q -z "io,stat,0,AVG(tcp.analysis.ack_rtt)tcp.analysis.ack_rtt&&tcp.stream eq 2" ========================================================================= | IO Statistics | | | | Duration: 383034710.8 secs | | Interval: 383034710.8 secs | | | | Col 1: AVG(tcp.analysis.ack_rtt)tcp.analysis.ack_rtt&&tcp.stream eq 2 | |-----------------------------------------------------------------------| | |1 | | | Interval | AVG | | |-------------------------------| | | 0.0 <> 383034710.8 | 0.023909 | | =========================================================================
Asked: Apr 24 '4
Seen: 377 times
Last updated: Apr 25 '24
Figure 7.7. “TCP Analysis” packet detail items
Would
tcp.analysis.ack_rttbe enough?Thank you, that seems to work. I added the parameter
tcp.analysis.ack_rttas one of the display columns, exported it to CSV and able to get the average RTT.Is there a way to automate the above (maybe with tshark)? The trace file will have multiple TCP streams, sort the streams with highest amount of data, and get RTT for each of the streams.