Before performing the Wireshark capture, ensure that Wireshark is configured to calculate timestamps for each unique conversation, so that times are not calculated sequentially, packet by packet.
- In Wireshark, press Ctrl + Shift + P (or select Edit > Preferences).
- In the left panel, expand Protocols and select TCP.
- Ensure Calculate conversation timestamps is checked.
Add the tcp.time_delta column. TCP Delta Time measures how much time elapsed between the prior and current packet in the conversation.
- In Wireshark, press Ctrl + Shift + P (or select Edit > Preferences).
- In the left panel, select Columns.
- Select the plus icon.
- Change Title to TCP Delta Time.
- Change Type to Custom.
- In Fields, enter tcp.time_delta.
- Select OK.
Wiresharks IO Graph can be helpful to get a big picture view of the capture. In this example, it took nearly 90 seconds for a particular website to load, and the graph represents the volume of packets exchanged over the 90 second period.
On the other hand, in this capture, www.example.com was requested 22 seconds after starting the capture, and it took less than 1 second to load www.example.com.
In this example, there is significant TCP Delta Times, and most of the packets are going to 192.168.0.136. In this example, it would be good to identify the remote systems that are serving packets to 192.168.0.136, in an attempt to understand why there is latency in the transmission of data to 192.168.0.136.
