How to Graph TCP Delta Times in Wireshark
Wireshark provides the ability to calculate the amount of time between packets. This data can then be used within the IO graphing tool of Wireshark to create a visual representation which can be used when troubleshooting networking issues.
Within this article we will show you how to create the TCP delta column, the TCP preferences involved and then how to graph this data.
TCP Delta Column
To create the column. The following steps are preformed,
- Select 'View / Time Display Format / Seconds Since Previous Displayed Packet'
- Right click on TCP packet. Select 'Protocol Preferences / Calculate Conversation Timestamps' (This is to ensure we only show the delta between packets within the same TCP conversation.)
- Within the TCP section of the packet you will now see [TIMESTAMPS].
- Right Click on the line that says 'Time since previous frame' and choose 'Apply as Column'.
- Goto 'Statistics' / 'IO Graph'
- Within the window set the following.
- Details how to create the IO Graph - http://wiresharkbook.com/tr_samplepages/978-1-893939-97-4lab89deltatimes286.pdf
- Video on how to create TCP delta columns - https://www.youtube.com/watch?v=QqKAnZnHss0