Ask Your Question
0

How do I export RTT data of a TCP stream?

asked 2024-04-24 00:53:40 +0000

narman gravatar image

Hello, I would like to export the data from the RTT plot for a given TCP stream. Currently I can see the temporal view of the RTT, but would like to get into specific timestamps and average RTT values. Is there a way to export the RTT data into a CSV or so, for further processing? I have searched around and could not find anything relevant. Appreciate any inputs.

edit retag flag offensive close merge delete

Comments

Figure 7.7. “TCP Analysis” packet detail items

Would tcp.analysis.ack_rtt be enough?

[The RTT to ACK the segment was: 0.001243000 seconds]
Chuckc gravatar imageChuckc ( 2024-04-24 03:29:32 +0000 )edit

Thank you, that seems to work. I added the parameter tcp.analysis.ack_rtt as one of the display columns, exported it to CSV and able to get the average RTT.

Is there a way to automate the above (maybe with tshark)? The trace file will have multiple TCP streams, sort the streams with highest amount of data, and get RTT for each of the streams.

narman gravatar imagenarman ( 2024-04-24 04:31:19 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2024-04-24 16:45:04 +0000

Chuckc gravatar image

updated 2024-04-25 08:24:10 +0000

grahamb gravatar image

SMP - Simple Matter of Programming (tm)

Might be slow with multiple passes of tshark but could be done with a script that grabs maximum tcp.stream number then loops through all of them.

$ tshark -r 'The Ultimate PCAP v20210721.pcapng' -T fields -e tcp.stream | sort -n | uniq| tail -1
289

$ tshark -r 'The Ultimate PCAP v20210721.pcapng' -q -z "io,stat,0,AVG(tcp.analysis.ack_rtt)tcp.analysis.ack_rtt&&tcp.stream eq 2"

=========================================================================
| IO Statistics                                                         |
|                                                                       |
| Duration: 383034710.8 secs                                            |
| Interval: 383034710.8 secs                                            |
|                                                                       |
| Col 1: AVG(tcp.analysis.ack_rtt)tcp.analysis.ack_rtt&&tcp.stream eq 2 |
|-----------------------------------------------------------------------|
|                    |1         |                                       |
| Interval           |    AVG   |                                       |
|-------------------------------|                                       |
|     0.0 <> 383034710.8 | 0.023909 |                                     |
=========================================================================
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-04-24 00:53:40 +0000

Seen: 109 times

Last updated: Apr 25