packet 1: 44.667 to DNS1
packet 2: 45.667 to DNS1
packet 3: 45.667 to DNS2
packet 4: 46.009 response from DNS1
All 3 DNS queries share the same ID (should this be?).
Wireshark calculates the time difference (dns.time) between packet 2 and 4 and not between 1 and 4!
So when you create a graph, the time difference looks OK, i.e. some 300 ms, but actually it was 1300 ms.
By default, Windows will resend DNS queries to all configured DNS servers after 1 second! That is packet 2 and 3.
- Why is the ID the same? Is this a must or a bug?
- What can I do to get the real time difference?
This is where I got the info on how to graph dns.time:
http://ask.wireshark.org/questions/3678/dns-transaction-latency
I use dns.time AVG(*) dns.time and Dot.
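One way to get the real time difference outside Wireshark, as an added example that is not part of the original post: export the DNS packets and measure each response against the first query of the lookup rather than the last retransmission. The record layout, the function name `dns_latencies`, the transaction ID and the query name are assumptions made for illustration; the timestamps are the four from the post.

```python
from collections import namedtuple

# Constructed sample mirroring the four packets in the post (times in seconds).
# The transaction ID and query name are made-up placeholder values.
Pkt = namedtuple("Pkt", "time client server txid qname is_response")
PACKETS = [
    Pkt(44.667, "client", "DNS1", 0x1A2B, "example.com", False),
    Pkt(45.667, "client", "DNS1", 0x1A2B, "example.com", False),  # retry after 1 s
    Pkt(45.667, "client", "DNS2", 0x1A2B, "example.com", False),  # retry to 2nd server
    Pkt(46.009, "client", "DNS1", 0x1A2B, "example.com", True),
]


def dns_latencies(packets):
    """Return, per response, the delay since the last and since the first query."""
    first_seen = {}      # (client, txid, qname) -> first query to any server
    last_to_server = {}  # (client, server, txid, qname) -> latest query to that server
    results = []
    for p in sorted(packets, key=lambda p: p.time):
        lookup = (p.client, p.txid, p.qname)
        per_server = (p.client, p.server, p.txid, p.qname)
        if not p.is_response:
            first_seen.setdefault(lookup, p.time)  # keep only the earliest query
            last_to_server[per_server] = p.time    # overwritten by each retry
            continue
        if per_server not in last_to_server:
            continue  # response whose query is not in the capture
        results.append({
            "txid": p.txid,
            "server": p.server,
            # The roughly 300 ms figure the post sees in the dns.time graph.
            "since_last_query": round(p.time - last_to_server[per_server], 3),
            # What the client actually waited, retransmissions included.
            "since_first_query": round(p.time - first_seen[lookup], 3),
        })
    return results


if __name__ == "__main__":
    for row in dns_latencies(PACKETS):
        print(row)
```

Grouping by client, transaction ID and query name treats the retries to both servers as one lookup, which only works because the resent queries reuse the same ID, as observed in the post.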