fir3net
PPS-Firenetbanner-780.5x190-30-03-17

How to Graph TCP Delta Times in Wireshark

Wireshark provides the ability to calculate the amount of time between packets. This data can then be used within the IO graphing tool of Wireshark to create a visual representation which can be used when troubleshooting networking issues.

Within this article we will show you how to create the TCP delta column, the TCP preferences involved and then how to graph this data.

TCP Delta Column

To create the column. The following steps are preformed,

  1. Select 'View / Time Display Format / Seconds Since Previous Displayed Packet'
  2. Right click on TCP packet. Select 'Protocol Preferences / Calculate Conversation Timestamps' (This is to ensure we only show the delta between packets within the same TCP conversation.)
  3. Within the TCP section of the packet you will now see [TIMESTAMPS].
  4. Right Click on the line that says 'Time since previous frame' and choose 'Apply as Column'.

Graphing

  1. Goto 'Statistics' / 'IO Graph'
  2. Within the window set the following.

References

Tags: TCP, Wireshark

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001