What is the meaning of the TSV and TSER fields in an Ethereal dump? I tried googling but could not find the answer.
+1
A:
TSV is the Timestamp Value
field. It is used in conjunction with sequence number to uniquely identify segments (since sequence numbers may wrap).
TSER is the Timestamp Echo Reply
field. This is used in ACK messages. It holds a copy of the last TSV value received. It can be used for round trip time estimation (RTT = current time - TSER).
The fields are formally described in RFC 1323 (TCP Extensions for High Performance):
TCP Timestamps Option (TSopt):
Kind: 8
Length: 10 bytes
+-------+-------+---------------------+---------------------+
|Kind=8 | 10 | TS Value (TSval) |TS Echo Reply (TSecr)|
+-------+-------+---------------------+---------------------+
1 1 4 4
The Timestamps option carries two four-byte timestamp fields.
The Timestamp Value field (TSval) contains the current value of
the timestamp clock of the TCP sending the option.
The Timestamp Echo Reply field (TSecr) is only valid if the ACK
bit is set in the TCP header; if it is valid, it echos a times-
tamp value that was sent by the remote TCP in the TSval field
of a Timestamps option. When TSecr is not valid, its value
must be zero. The TSecr value will generally be from the most
recent Timestamp option that was received; however, there are
exceptions that are explained below.
ire_and_curses
2010-03-26 16:09:14