Closed nshopik closed 4 months ago
mosajjal
commented
8 months ago some prework is needed in gopacket/gopacket TCP assembly function (AssembleWithTimestamp) for this to be possible. And that'll be a breaking change for that function which is not easy to implement.
nshopik
commented
8 months ago Is AssembleWithTimestamp lacking something, I just don't see it?
I tried to build some simple code to read pcap and do same thing, but run into problems with reassemble on loss packets - it start reporting very high values, but golang is new for me.
Is it possible to extend dnsmonster to store TCP RTT values during initial handshake (difference between first and third packet)?
Paper behind on how useful TCP RTT data even if its limited compare to UDP dns https://ant.isi.edu/~johnh/PAPERS/Moura20a.pdf