Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Wireshark/tshark: calculating Windows 10 desktop uptime

I'm interesting in tracking/calculating the uptime of a Windows 10 desktop computer using TCP packet header information. I read about using the TSecr field. However, both tcp.options.timestamp.tsval and tcp.options.timestamp.tsecr return blank information.

  1. Is it possible to calculate machine uptime using other fields?

I've read that Windows is using "TCP Receive Window Auto-Tuning" instead of TCP timestamps to achieve the same performance objectives that timestamps were once used for.

  1. Can I use features related to "TCP Receive Window Auto-Tuning" to calculate machine uptime? What fields would those be?

Wireshark/tshark: calculating Windows 10 desktop uptime

I'm interesting in tracking/calculating the uptime of a Windows 10 desktop computer using TCP packet header information. I read about using the TSecr field. However, both tcp.options.timestamp.tsval and tcp.options.timestamp.tsecr return blank information.

  1. Is

    1.Is it possible to calculate machine uptime using other fields?

I've read that Windows is using "TCP Receive Window Auto-Tuning" instead of TCP timestamps to achieve the same performance objectives that timestamps were once used for.

  1. Can

    2.Can I use features related to "TCP Receive Window Auto-Tuning" to calculate machine uptime? What fields would those be?