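You can look at RFC 1323 and use TSval and TSecr to calculate the RTT. To avoid complexity, you can try it on the SYN, SYN/ACK, ACK of the three-way handshake when the connection is established. Like this...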
12:02:22.549838 IP xxx.xxx.xxx.xxx.34400 > yyy.yyy.yyy.yyy.80: Flags [S], seq 3721025326, win 26883, options [mss 8961,sackOK,TS val 2130701590 ecr 0,nop,wscale 7], length 0
12:02:22.827325 IP yyy.yyy.yyy.yyy.80 > xxx.xxx.xxx.xxx.34400: Flags [S.], seq 506523745, ack 3721025327, win 42408, options [mss 1380,sackOK,TS val 41895331 ecr 2130701590,nop,wscale 8], length 0
12:02:22.827383 IP xxx.xxx.xxx.xxx.34400 > yyy.yyy.yyy.yyy.80: Flags [.], ack 1, win 211, options [nop,nop,TS val 2130701660 ecr 41895331], length 0
SYN => TS VAL 2130701590
SYN/ACK => ECR 2130701590,TS VAL 41895331
ACK => TS VAL 2130701660
RTT = 2130701660 - 2130701590 = 70 (I think the unit is milliseconds)
>>> capture = sniff(filter="port 80", timeout=10, count=50)
>>> tsvaltmp = 0
>>> tsecrtmp = 0
>>> for pkt in capture:
...     tsdata = dict(pkt['TCP'].options)
...     tsvalpkt = tsdata['Timestamp'][0]
...     tsecrpkt = tsdata['Timestamp'][1]
...     # this packet echoes the previous packet's TSval
...     if tsvaltmp == tsecrpkt:
...         rtt = tsvalpkt - tsecrtmp
...         if rtt != 0 and tsecrtmp != 0:
...             print(rtt)
...     tsvaltmp = tsvalpkt
...     tsecrtmp = tsecrpkt
...
6014
8
8
8
6310
9
>>>
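Note that the Wireshark times differ by a factor of almost 100. It's as if you ordered 4 packets on Amazon and they arrived after 24 hours, after 26 hours, at Christmas, and at New Year. – phihag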
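You're right. But if it is possible, I can post the whole capture. I manually checked some values (by subtracting the request and reply timestamps), and these look correct. –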
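Added example, not part of the original answer or comments: a small parser for the three tcpdump handshake lines quoted above that pairs them through TSval/TSecr and returns both the TSval difference and the interval on the capture clock. RFC 1323 leaves the timestamp clock's tick length to the sender (between 1 ms and 1 s per tick), so it also derives milliseconds per tick; the function names are made up for this illustration.

```python
import re
from datetime import datetime

# The three handshake lines from the tcpdump output above (addresses are the
# page's own placeholders).
HANDSHAKE = """\
12:02:22.549838 IP xxx.xxx.xxx.xxx.34400 > yyy.yyy.yyy.yyy.80: Flags [S], seq 3721025326, win 26883, options [mss 8961,sackOK,TS val 2130701590 ecr 0,nop,wscale 7], length 0
12:02:22.827325 IP yyy.yyy.yyy.yyy.80 > xxx.xxx.xxx.xxx.34400: Flags [S.], seq 506523745, ack 3721025327, win 42408, options [mss 1380,sackOK,TS val 41895331 ecr 2130701590,nop,wscale 8], length 0
12:02:22.827383 IP xxx.xxx.xxx.xxx.34400 > yyy.yyy.yyy.yyy.80: Flags [.], ack 1, win 211, options [nop,nop,TS val 2130701660 ecr 41895331], length 0
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]+)\].*?TS val (?P<tsval>\d+) ecr (?P<tsecr>\d+)")

def parse_tcpdump(text):
    """Return one dict per line that carries a TCP timestamp option."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not TCP, or the timestamp option is absent
        pkts.append({
            "time": datetime.strptime(m["time"], "%H:%M:%S.%f"),
            "src": m["src"], "flags": m["flags"],
            "tsval": int(m["tsval"]), "tsecr": int(m["tsecr"]),
        })
    return pkts

def handshake_rtt(pkts):
    """Return (tsval_ticks, capture_ms, ms_per_tick), or None if incomplete."""
    syn = next((p for p in pkts if p["flags"] == "S"), None)
    if syn is None:
        return None
    # The SYN/ACK echoes the SYN's TSval in its TSecr ...
    synack = next((p for p in pkts if p["flags"] == "S."
                   and p["tsecr"] == syn["tsval"]), None)
    if synack is None:
        return None
    # ... and the final ACK echoes the SYN/ACK's TSval.
    ack = next((p for p in pkts if p["flags"] == "." and p["src"] == syn["src"]
                and p["tsecr"] == synack["tsval"]), None)
    if ack is None:
        return None
    ticks = (ack["tsval"] - syn["tsval"]) % 2**32  # TSval is a 32-bit counter
    capture_ms = (ack["time"] - syn["time"]).total_seconds() * 1000
    return ticks, capture_ms, (capture_ms / ticks if ticks else None)

if __name__ == "__main__":
    print(handshake_rtt(parse_tcpdump(HANDSHAKE)))
```

On the handshake above this returns 70 ticks against 277.545 ms on the capture clock, about 3.96 ms per tick for that sender.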