

Take a look at the following output of tshark:

:/tmp$ tshark -nr icmp.pcap -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst -e icmp.type -e icmp.code -e icmp.ident -e icmp.seq -E separator=\ -E header=y

Wireshark (tshark) will also dissect the ICMP ECHO Request header within ICMP Time Exceeded. Frame #11 is the TIME Exceeded for that ECHO Request. As you can see, you will find the necessary information in the output (IP addresses, ICMP Identifier and Sequence number) to match those two frames. Then take the time stamp of both (here frame.time_relative) to calculate the RTT. Of course you will need some script (Perl, Python or whatever you speak fluently) to extract and calculate that.
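An added example, not part of the original answer: one way to script the matching described above in Python. It assumes the tshark field output uses `;` as separator with a header row and tshark's default `,` aggregator for fields that occur twice (outer header and quoted inner header); the sample rows and the function name `hop_rtts` are constructed for illustration.

```python
import csv
import io

# Constructed sample of `tshark -T fields` output (not from the original capture).
# Assumed: ';' separator, header row, default ',' aggregator for repeated fields.
SAMPLE = """\
frame.number;frame.time_relative;ip.src;ip.dst;icmp.type;icmp.code;icmp.ident;icmp.seq
10;1.000000;192.0.2.10;198.51.100.7;8;0;0x0c2a;1
11;1.012500;192.0.2.1,192.0.2.10;192.0.2.10,198.51.100.7;11,8;0,0;0x0c2a;1
12;1.100000;192.0.2.10;198.51.100.7;8;0;0x0c2a;2
13;1.130250;203.0.113.5,192.0.2.10;192.0.2.10,198.51.100.7;11,8;0,0;0x0c2a;2
14;1.200000;203.0.113.9,192.0.2.10;192.0.2.10,198.51.100.7;11,8;0,0;0x0c2a;9
"""


def hop_rtts(text, sep=";", agg=","):
    """Pair each Echo Request with its Time Exceeded and return RTTs in ms."""
    pending = {}  # (src, dst, ident, seq) -> (frame number, timestamp)
    results = []
    for row in csv.DictReader(io.StringIO(text), delimiter=sep):
        types = row["icmp.type"].split(agg)
        # The last value of a repeated field belongs to the innermost header,
        # i.e. the Echo Request quoted inside the Time Exceeded message.
        key = (row["ip.src"].split(agg)[-1], row["ip.dst"].split(agg)[-1],
               row["icmp.ident"].split(agg)[-1], row["icmp.seq"].split(agg)[-1])
        ts = float(row["frame.time_relative"])
        if types == ["8"]:
            pending[key] = (int(row["frame.number"]), ts)
        elif types[0] == "11" and types[-1] == "8":
            req = pending.pop(key, None)
            if req is None:
                continue  # the quoted request is not in this capture
            router = row["ip.src"].split(agg)[0]  # outer source = replying hop
            results.append((req[0], int(row["frame.number"]), router,
                            round((ts - req[1]) * 1000, 3)))
    return results


if __name__ == "__main__":
    for req_no, te_no, router, rtt in hop_rtts(SAMPLE):
        print(f"request #{req_no} -> time exceeded #{te_no} from {router}: {rtt} ms")
```

Frame 14 in the sample quotes a request that was never captured, so it is skipped rather than paired with the wrong frame.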
