6

I want to calculate the time that the 3 way TCP handshake occupies through wireshark between a server and a client.

I get something like:

Time        Source        Destination        Info
0.00       x.x.x.x        y.y.y.y            SYN
0.020003   y.y.y.y        x.x.x.x            SYN,ACK
0.000077    x.x.x.x        y.y.y.y           ACK 
0.000223    x.x.x.x        y.y.y.y           GET

  1. To calculate the duration of the handshake, I have to calculate the duration from the transmit of SYN, to the receive of the ACK by the server. When does the server receive the ACK? Can we see this from the client side?

  2. Another question I have is about the time in various steps. 0.02 sounds like a reasonable time and about what I would expect for the RTT between the server and the client. But why are the rest so low? 0.000077? 0.000223? What do they represent?

Kevin Bowen
  • 260
  • 1
  • 4
  • 12
baskon1
  • 175
  • 1
  • 4

1 Answers1

6

It's called 3-way handshake, so it is transmitted three times: SYN -> SYN/ACK -> ACK. The minimum time required is two 1.5 times the round-trip time (RTT).

(Each side sees a 1x RTT delay for the handshake to happen while the server is one transmission delay / .5 RTT behind the client - assuming equal transmission delay for both directions.)

In your capture, the only transmission time is between SYN and SYN/ACK. The successive ACK is the reaction to the received SYN/ACK. The socket is established on this side and the local node fires away with GET.

On the client side, the sequence is

  1. SYN sent
  2. longer delay (RTT + remote stack overhead) - 0.020003
  3. SYN/ACK received
  4. very small delay (local stack overhead) - 0.000077
  5. final ACK is sent, socket is open
  6. very small delay (local stack & application overhead) - 0.000223
  7. GET sent

On the listener (server) side, this would look like

  1. SYN received
  2. very small delay (local stack overhead)
  3. SYN/ACK sent
  4. longer delay (RTT + remote stack overhead)
  5. final ACK is received, socket is open
  6. very small delay (remote stack & application overhead)
  7. GET is received
Zac67
  • 90,111
  • 4
  • 75
  • 141