What is Service Response Time in Wireshark?

Service response time is the average amount of time it takes for a request to be processed by a computer system, such as your network router. In the ‘Process Time’ section, the Wireshark service report will give this information. The processing time should be around 50ms-200ms, and it can range from 1ms-1s (depending on simultaneous requests generated by packets). The processing time is a great metric for comparing performance between various network devices since it directly correlates with the actual amount of time required for a device or computer system to complete a request. For example, if you have multiple network routers that are processing all requests (with nearly‑identical hardware specifications), then you can view the processing time from Wireshark and select which router is providing the best response times. You can run a capture on the router, look for the processing time, and then do a comparison with another router. The difference in process time will help you determine which router is providing better service response times.

SMB2 Service Response Time Statistics:

This window shows the number of transactions for each SMB2 opcode present in the capture file, along with various response time statistics. Right-clicking on a row will let you apply or prepare filters for, search for, or colorize a specific opcode. we can also copy all the response time information or save it in a variety of formats.

Example:

For example, assume there are two network routers – one Cisco router with a processing time of 50ms and the other Cisco router has a processing time of 150ms. Because the first network device has an average response time of 50ms while the second network device has an average response time of 150ms, you can immediately assume that both devices have similar hardware specifications, so the difference in performance must be related to software configuration. You can do this testing in your network, with the goal of identifying which router works best. As an even better approach, you can have each router send a ping to another router and see the processing time at that other location.

In Wireshark, you can use two filters to display process time: “frame.duration_time > 0″ and “process_seconds > 0″. These filters are a bit more useful than just looking for packets whose duration is greater than 1 second since it will show the average response time of each probe request, not the sum of all requests processed in the interface since Wireshark receives several requests simultaneously for each probe request (with possibly different results).

It is important to add the “max_capture_size” to your capture file so that you capture all packets in your trace file. The processing time isn’t available when comparing data in a small capture file.

Capture SRT:

To capture Service response time in Wireshark, we need to follow some procedures given below:

Step 1: Open Wireshark on your system.

Step 2: Go to capture any stream of the local network.

Step 3: Capture some network packets on Wireshark for your local network.

Step 4: Stop Capturing after some time and select any packet that you want to monitor.

Step 5: Now go to the statistics menu and go to Service Response Time (SRT). 

Step 6: Now you can see any SRT, In this article, we are capturing SRT for smb.

Key Points:

• The difference in process time between two routers is not necessarily true if there is a difference in the amount of data transmitted.
• Process time doesn’t indicate how much traffic will be passed through your network.
• The processing time does not correlate directly with the performance of a network device. 
• Wireshark Windows 7 and 8 Service report, grouped by zone. 
• In Wireshark’s Service window, the service report page lists entries for all TCP or UDP packet exchanges between Wireshark and the examined machines.

Details:

• In Wireshark’s Service window, look at the “Process Time” section to determine which router has faster response times.
• To get even more meaningful results, you can use pings in your network to send traffic directly to two routers and compare the process times of both packets (using two separate capture files). 
• In general, the higher your network’s throughput rate is (in megabits per second), the higher your network’s response time should be in order to maintain good performance.