Ask Your Question

How to get average rtt out of tcp conversation or import rtt values to the excel?

asked 2018-06-15 00:49:56 +0000

Alex275 gravatar image


I want to get average rtt information from the certain tcp conversation. I know that is possible to see rtt from TCP Stream Graphs or I/O Graphs and estimate average based on this. But I want an accurate number for it.

And if there is no way get the average rtt in wireshark directly, is there way to import the rtt values used by Graphs to make calculations manually (excel).

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-06-15 05:00:49 +0000

NJL gravatar image

updated 2018-06-21 17:46:11 +0000

grahamb gravatar image


You can use the IO graph with the "tcp.analysis.ack_rtt" display filter in the "Y field", select "AVG(Y Field)" in the "Y Axis" drop-down and choose display filter (to focus on the TCP session of interest), interval, Style etc. as you see fit. If you want to export it to Excel, you can click save As, and select it as .csv and the import it into Excel.

The same can be done using command line, with tshark:

tshark -Y "display-filter to focus on the TCP session of interest" -r <inputfile> -Tfields -e "tcp.analysis.ack_rtt"

This will print the ACK_RTT values and you can then export that to a file and again import it into Excel.

edit flag offensive delete link more


Thanks for replies. As I understand, tcp.analysis.ackrtt takes only acknowledgement RTTs. But after filtering tcp.analysis.ackrtt a get number of results less than the number of acknowledgements I got.
Could we say that avg rtt among all ack packets is avg rtt of all packets in the conversation?

Alex275 gravatar imageAlex275 ( 2018-06-22 01:57:50 +0000 )edit

Not entirely sure what you mean. Are you able to share the capture file?

NJL gravatar imageNJL ( 2018-06-22 09:10:33 +0000 )edit

Sorry, probably my misunderstanding. The number of ACK is ok. But my server has sent 65084 packets and received 427 571 packets back.

And the number of ACK RTT that I got after using tshark command as you send was ~11000. Average RTT there was equal 111ms. But from TCP Stream Graph it doesn't look like this correct rtt.

Alex275 gravatar imageAlex275 ( 2018-06-24 07:26:57 +0000 )edit

I would appreciate the full capture file if I am to help you analyze this as I much prefer it to screen captures. If the capture contains sensitive/confidential data, you can sanitize it with TraceWrangler.

NJL gravatar imageNJL ( 2018-06-29 18:05:37 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2018-06-15 00:49:56 +0000

Seen: 4,833 times

Last updated: Jun 21 '18