使用Wireshark或其他工具绘制RTT直方图 [英] Plot RTT histogram using wireshark or other tool

问题描述

我有一个小的办公网络，并且正在经历巨大的Internet链接延迟.我们有一个简单的网络拓扑:配置为运行ubuntu服务器10.10的路由器的计算机，2个网卡(一个到Internet链接，另一个到办公室网络)和一台连接20台计算机的交换机.我在路由器上收集了一个巨大的tcpdump日志，我想绘制一个所有 TCP流的RTT时间的直方图，以试图找到解决此延迟问题的最佳方法.那么，有人可以告诉我如何使用Wireshark或其他工具吗?

I have a little office network and I'm experiencing a huge internet link latency. We have a simple network topology: a computer configured as router running ubuntu server 10.10, 2 network cards (one to internet link, other to office network) and a switch connecting 20 computers. I have a huge tcpdump log collected at the router and I would like to plot a histogram with the RTT time of all TCP streams to try to find out the best solution to this latency problem. So, could somebody tell me how to do it using wireshark or other tool?

推荐答案

Wireshark或tshark可以使用 tcp.analysis.ack_rtt 为每个接收到的ACK数据包提供TCP RTT，它可以测量之间的时间差捕获TCP数据包和该数据包的ACK.

Wireshark or tshark can give you the TCP RTT for each received ACK packet using tcp.analysis.ack_rtt which measures the time delta between capturing a TCP packet and the ACK for that packet.

您需要注意这一点，因为大多数ACK数据包将来自您的办公机器ACK数据包是从Internet接收的，因此您将测量路由器之间的RTT，查看来自上网，并从您的办公室机器看到ACK.

You need to be careful with this as most of your ACK packets will be from your office machines ACKing packets received from the internet, so you will be measuring the RTT between your router seeing the packet from the internet and seeing the ACK from your office machine.

要测量您的互联网RTT，您需要从互联网中查找ACK(从网络发送的ACK数据).假设您的办公室机器的IP地址为192.168.1.x，并且您已将所有数据记录在路由器的LAN端口上，则可以使用如下所示的显示过滤器:

To measure your internet RTT you need to look for ACKS from the internet (ACKing data sent from your network). Assuming your office machines have IP addresses like 192.168.1.x and you have logged all the data on the LAN port of your router you could use a display filter like so:

tcp.analysis.ack_rtt and ip.dst==192.168.1.255/24

要将RTT转储到.csv中进行分析，您可以使用tshark命令，像这样；

To dump the RTTs into a .csv for analysis you could use a tshark command like so;

tshark -r router.pcap -Y "tcp.analysis.ack_rtt and ip.dst==192.168.1.255/24" -e tcp.analysis.ack_rtt -T fields -E separator=, -E quote=d > rtt.csv

• -r选项告诉tshark从您的.pcap文件中读取
• -Y选项指定要使用的显示过滤器(不建议使用不带-2的-R)
• -e选项指定要输出的字段
• -T选项指定输出格式

在运行此命令之前，可以使用mergecap实用程序将所有pcap文件合并为一个文件.将此输出转换为直方图应该很容易！

You can use the mergecap utility to merge all your pcap files into one one file before running this command. Turning this output into a histogram should be easy!

这篇关于使用Wireshark或其他工具绘制RTT直方图的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！