What is the meaning of the TSV and TSER fields in an Ethereal dump?

Question

What is the meaning of the TSV and TSER fields in an Ethereal dump? I tried googling but could not find the answer.

Answer 1

TSV is the Timestamp Value field. It is used in conjunction with sequence number to uniquely identify segments (since sequence numbers may wrap).

TSER is the Timestamp Echo Reply field. This is used in ACK messages. It holds a copy of the last TSV value received. It can be used for round trip time estimation (RTT = current time - TSER).

The fields are formally described in RFC 1323 (TCP Extensions for High Performance):

  TCP Timestamps Option (TSopt):

     Kind: 8

     Length: 10 bytes

      +-------+-------+---------------------+---------------------+
      |Kind=8 |  10   |   TS Value (TSval)  |TS Echo Reply (TSecr)|
      +-------+-------+---------------------+---------------------+
          1       1              4                     4

     The Timestamps option carries two four-byte timestamp fields.
     The Timestamp Value field (TSval) contains the current value of
     the timestamp clock of the TCP sending the option.

     The Timestamp Echo Reply field (TSecr) is only valid if the ACK
     bit is set in the TCP header; if it is valid, it echos a times-
     tamp value that was sent by the remote TCP in the TSval field
     of a Timestamps option.  When TSecr is not valid, its value
     must be zero.  The TSecr value will generally be from the most
     recent Timestamp option that was received; however, there are
     exceptions that are explained below.