I want to calculate the Round Trip timing for the TCP packets.
But in wireshark, I don't see any particular field for the RTT timing for a TCP packet like its there for the RTP packet.
Wireshark do calculates the RTT graph but i am not finding as how it has been calculated.
Can someone help me out in finding the formula used for the same?
There is nothing inside TCP that gives the round-trip time. It's estimated by the kernel based on how long it takes to receive an ACK to data that was sent. It records the timestamp of when a given sequence number went out and compares it to the timestamp of the corresponding ACK. The initial 3-way handshake gives a decent starting value for this.
However, this is only an estimate as the receiver is free to delay ACKs for a short period if it feels it can respond to multiple incoming packets with a single reply.
RTT frequently changes over the duration of the session due to changing network conditions. The effect is (obviously) more pronounced the further away the endpoints.
If you want to get the values of the RTT calculated by wireshark/tshark, the following did the trick for me to print them on stdout:
tshark -r myfile.pcap -Y 'ip.addr == AA.BB.CC.DD' -T fields -e tcp.analysis.ack_rtt
(where I used the display filter after -Y to restrict the analysis to only one remote host)
[SEQ/ACK analysis]of the packet and not as a field. – onon15