In this blog post, I will demonstrate how to obtain the average round-trip time (RTT) of a specific TCP stream, where the RTT is the time it takes for one host to acknowledge a frame sent by another host. This metric can be used to diagnose performance issues in a network or within an embedded device running a µC/TCP-IP-based application, but these topics are outside the scope of this post. As of version 2.6.5, Wireshark does not feature a direct way to obtain the average RTT. Instead, it has a neat graphical feature, shown in Figure 1, that displays the instantaneous RTT, say from frame A to frame B. This graph can be generated by going to Statistics->TCP Stream Graphs->Round Trip Time in the menu bar and selecting the stream of interest. However, it is sometimes more practical to have an average of the data set.
Figure 1: RTT Stream Graph
The objective is to find the values of the data points plotted in Figure 1 and export them. This is not obvious at first glance, but Wireshark allows the user to create custom columns that display information not shown by default, by applying a filter field to them. To do this, we are going to create a custom column named “ACK RTT” that uses the field “tcp.analysis.ack_rtt”. Open the Wireshark preferences (Edit->Preferences) and select the “Columns” tab in the Appearance drop-down. Next, add a new column by clicking on the "+" button, rename it “ACK RTT”, and change the type to “Custom”. Finally, enter the field name in the “Fields” column (see Figure 2). After clicking “OK”, we can see the new column in the capture window with the values we need.
Figure 2: Wireshark Column Preferences
The next step is to export the values, but before we do, we need to select the TCP stream we want by entering the “tcp.stream == x” expression in the filter text box (shown in green in Figure 3), where “x” is the stream number indicated in Figure 1. Wireshark allows the user to export the captured frames in different formats for further analysis. One of these is the “Export as CSV” feature shown in Figure 3, which arranges the contents of the capture into a comma-separated tabular form that can be imported into Microsoft Excel.
Figure 3: CSV Export
When we open the .csv file in Excel, the application will prompt us to convert the file to a .xlsx file. After that, we can select any empty cell in the spreadsheet and use the AVERAGE() formula on the range in the ACK RTT column.
Figure 4: Average line inscribed in original graph
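As an alternative to the Excel step, the same average can be computed directly from the exported file. This is an added example, not part of the original post: the sample rows and addresses are constructed, the function name is hypothetical, and the column is assumed to be named “ACK RTT” as configured above.

```python
import csv
import io
import statistics

# Constructed sample in the layout of a Wireshark CSV export that includes the
# custom "ACK RTT" column. Frames that acknowledge nothing have an empty cell,
# and the quoted Info text contains commas, so a plain split(",") would break.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","ACK RTT","Info"
"1","0.000000","192.0.2.10","192.0.2.20","TCP","74","","50000 > 80 [SYN] Seq=0"
"2","0.000420","192.0.2.20","192.0.2.10","TCP","74","0.000420000","80 > 50000 [SYN, ACK] Seq=0 Ack=1"
"3","0.000610","192.0.2.10","192.0.2.20","TCP","66","0.000190000","50000 > 80 [ACK] Seq=1 Ack=1"
"4","0.001200","192.0.2.10","192.0.2.20","TCP","566","","50000 > 80 [PSH, ACK] Seq=1 Ack=1 Len=500"
"5","0.001790","192.0.2.20","192.0.2.10","TCP","66","0.000590000","80 > 50000 [ACK] Seq=1 Ack=501"
'''


def ack_rtt_stats(csv_file, column="ACK RTT"):
    """Return count, mean, min and max of the RTT samples (in seconds)."""
    reader = csv.DictReader(csv_file)
    if reader.fieldnames is None or column not in reader.fieldnames:
        raise KeyError(f"column {column!r} not found; add it before exporting")
    samples = []
    for row in reader:
        cell = (row.get(column) or "").strip()
        if cell:  # skip frames without an RTT sample, as AVERAGE() skips blanks
            samples.append(float(cell))
    if not samples:
        raise ValueError("no RTT samples in this export")
    return {
        "count": len(samples),
        "mean": statistics.fmean(samples),
        "min": min(samples),
        "max": max(samples),
    }


if __name__ == "__main__":
    # For a real export use: open("export.csv", newline="") instead of StringIO.
    stats = ack_rtt_stats(io.StringIO(SAMPLE_CSV))
    print({name: round(value, 9) for name, value in stats.items()})
```

Export only the filtered stream, as described above, so that samples from other TCP streams do not end up in the average.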