Ask Your Question
0

Who sets the value of Timestamps fields inside TCP?

asked 2018-08-24 20:04:41 +0000

salekul gravatar image

I can find "Time since first frame in this TCP stream:" and "Time since previous frame in this TCP stream:" fields in the Timestamps of TCP. My question is are these two values same as the "Arrival time" of the Frame header?

Who sets these values? The sender or the OS at the receiver's side?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-08-24 20:16:53 +0000

Jaap gravatar image

Note that these fields are added in square brackets. That is the format of fields which are not contained in the packet itself, but derived by Wireshark based on the current and other, related, frames.

edit flag offensive delete link more

Comments

I.e., they are calculated from values set by the hardware or software on the machine on which the traffic is captured; that might be the sending machine, the receiving machine, or some other machine doing network sniffing.

"Time since first frame in this TCP stream" is the difference between the "Arrival time" of the frame in question and the "Arrival time" of the first frame in the TCP stream; "Time since previous frame in this TCP stream" is the difference between the "Arrival time" of the frame in question and the "Arrival time" of the previous frame in the TCP stream.

Guy Harris gravatar imageGuy Harris ( 2018-08-24 20:37:25 +0000 )edit

Your explanation is very helpful. Now, this is clear to me.

salekul gravatar imagesalekul ( 2018-08-25 04:00:12 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-08-24 20:04:41 +0000

Seen: 2,895 times

Last updated: Aug 25 '18