Question

I need to identify the transfer time of a packet. More specifically I need:

  • The time when the packet leaves node A
  • The time when the packet arrives at node B

Is there any way to identify the packet without error? I was thinking of using tcpdump/tshark at node A and at node B, but is it possible to identify the packet? How?


Solution 2

There's not a unique identification for a TCP packet. There are parameters that, combined, can help you recognize a packet, but there's no 100% guarantee that they won't repeat (especially when analyzing a huge quantity of packets). Those parameters are:

  • src ip
  • dst ip
  • src port
  • dst port
  • ip id

When a TCP connection is established, the TCP identification numbers wrap after sending only 65536 packets, so I'll choose to analyze packets before wrapping.

I got that info from: https://www.wireshark.org/lists/wireshark-users/201004/msg00216.html
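The matching described in this answer, as an added example that is not part of the original post: it pairs packets from the two captures on (src ip, dst ip, src port, dst port, ip id) and refuses to pair any key that repeats. The sample rows are constructed and assume tab-separated tshark field output (-T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e ip.id); the function names are hypothetical.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample rows (tab-separated): epoch time, src ip, dst ip,
# src port, dst port, ip id. 0x1a2b repeats on purpose to model a wrapped ID.
NODE_A = """\
1373293800.000100\t10.1.2.1\t10.20.30.1\t40000\t80\t0x1a2b
1373293800.000900\t10.1.2.1\t10.20.30.1\t40000\t80\t0x1a2c
1373293800.002000\t10.1.2.1\t10.20.30.1\t40000\t80\t0x1a2b
1373293800.003000\t10.1.2.1\t10.20.30.1\t40000\t80\t0x1a2d
"""
NODE_B = """\
1373293800.012600\t10.1.2.1\t10.20.30.1\t40000\t80\t0x1a2b
1373293800.013100\t10.1.2.1\t10.20.30.1\t40000\t80\t0x1a2c
1373293800.014700\t10.1.2.1\t10.20.30.1\t40000\t80\t0x1a2b
"""

def load(text):
    """Map (src ip, dst ip, src port, dst port, ip id) -> capture timestamps."""
    seen = defaultdict(list)
    for line in text.splitlines():
        ts, *key = line.split("\t")
        if len(key) != 5 or not all(key):
            continue  # blank line, or a row with a missing field (e.g. non-TCP)
        seen[tuple(key)].append(Decimal(ts))  # Decimal keeps microseconds exact
    return seen

def correlate(a_text, b_text):
    """Return (transit, ambiguous, unmatched) for captures taken at A and B."""
    a, b = load(a_text), load(b_text)
    transit, ambiguous, unmatched = {}, [], []
    for key in sorted(set(a) | set(b)):
        ta, tb = a.get(key, []), b.get(key, [])
        if len(ta) == 1 and len(tb) == 1:
            # Arrival minus departure; includes any clock offset between nodes.
            transit[key] = tb[0] - ta[0]
        elif len(ta) > 1 or len(tb) > 1:
            ambiguous.append(key)   # key repeated: cannot tell packets apart
        else:
            unmatched.append(key)   # seen on one side only (lost or not captured)
    return transit, ambiguous, unmatched

if __name__ == "__main__":
    transit, ambiguous, unmatched = correlate(NODE_A, NODE_B)
    for key, delta in transit.items():
        print("matched  ", key, "transit", delta, "s")
    for key in ambiguous:
        print("ambiguous", key)
    for key in unmatched:
        print("unmatched", key)
```

Keys reported as ambiguous need an extra discriminator or a shorter capture window before they can be timed.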

Other suggestions

Either or (TShark/tcpdump); I will explain the analysis with Wireshark.

Let Node A = 10.1.2.1

Let Node B = 10.20.30.1

From Capture on Node A:

In Wireshark, in the filter, isolate the addresses to minimize noise:

ip.addr == 10.1.2.1 (click apply)

Click apply. Hit CTRL+Alt+1 to display the time in an easier-to-read format: 2013-07-08 14:30:00. You'll see the packets displaying what time they left Node A. Jot it down, and then do the reverse. Analyze the capture from Node B:

ip.addr == 10.20.30.1 (click apply)

CTRL+ALT+1. Compare. Be advised: unless you have both nodes synced with an NTP server, your results will be skewed.

If you are planning on capturing on both nodes, you will also need to make sure that the system clocks are tightly synchronised.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow