Troubleshooting with Wireshark - Find Delays in TCP Conversations

The delta time column has always been one of the first things to add when configuring Wireshark. It shows the time between displayed packets, or captured packets, depending on how you set it up. It makes finding delays in conversations much easier to do - that is unless you are dealing with a trace file that has several TCP conversations in tandem. It may be that the time between packets looks good, but that is because the previous packet is a part of a different conversation from the one you are analyzing.

In this video we will look at how to use the TCP Timestamp information in the TCP header (added by Wireshark) to find delays in conversations, even when multiple connections are overlapping each other.

This can help us to quickly identify where the hold-ups are in conversations, getting to root cause faster.

Hope this helps when troubleshooting!

Author Profile - Chris Greer is a Network Analyst for Packet Pioneer LLC. Chris regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for several analysis vendors.


