I have a dissector whose protocol is under TCP/IP. When I identify a packet, I would like to find the frame that is the ACK for my PSH,ACK packet. My goal is to find the abs_tm value of the ACK packet and use that as a starting time of host processing, instead of using the abs_tm of my packet, since that would include the network latency.
While dissecting, the tcpinfo data has lastackseq, but not a frame number. There is a tcp_acked structure, but I don't know how to locate it. The ACK frame's SEQ Analysis says what frame it is ACKing, but the SEQ Analysis of my frame doesn't point to the ACK. And I can't create a dissector to look for it because the ACK frame has no TCP payload, so it won't call a dissector. Is there some way I can locate the ACK frame of a packet and look at its abs_tm value? Thank you, Jay Turner ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
