Showing posts from 2019

Finding handshake delays in Wireshark

A simple trick to find the gap between SSL Client Hello and Server Hello. The trick is grabbing only the frames of a TCP conversation you want, then asking for the full TCP conversation stats:

    tshark -r original.cap -q -z conv,tcp,"ssl.handshake.type == 1 || ssl.handshake.type == 2" | awk '/https/{print $11 " " $1}' | sort -n
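A per-stream variant of the same measurement, as an added example that is not part of the original post: it reads a `tshark -T fields` export instead of the conversation table, so a retransmitted Client Hello or a stream that never gets a Server Hello shows up explicitly. The function names `hello_gaps` and `sample_fields` and the sample rows are constructed for illustration.

```shell
# Export to feed into hello_gaps (same display filter as the post):
#   tshark -r original.cap -Y "ssl.handshake.type == 1 || ssl.handshake.type == 2" \
#     -T fields -e tcp.stream -e frame.time_relative -e ssl.handshake.type | hello_gaps
#
# Input rows: tcp.stream <TAB> frame.time_relative <TAB> handshake type(s).
# One frame can carry several handshake messages, so the third column may be
# a comma-separated list such as "2,11,14".
hello_gaps() {
  awk -F'\t' '
    {
      n = split($3, types, ",")
      for (i = 1; i <= n; i++) {
        # Keep only the first Client Hello so a retransmission does not shrink the gap.
        if (types[i] == 1 && !($1 in ch)) ch[$1] = $2
        # Keep the first Server Hello seen after that Client Hello.
        if (types[i] == 2 && ($1 in ch) && !($1 in sh)) sh[$1] = $2
      }
    }
    END {
      for (s in ch) {
        if (s in sh) printf "%.6f %s\n", sh[s] - ch[s], s
        else         printf "no-server-hello %s\n", s
      }
    }' | sort -n
}

# Constructed sample rows (not from a real capture):
#   stream 0: normal handshake, Server Hello shares a frame with other messages
#   stream 1: Client Hello retransmitted before the server answers
#   stream 2: Client Hello never answered
sample_fields() {
  printf '0\t0.010000\t1\n'
  printf '0\t0.052000\t2,11,14\n'
  printf '1\t0.100000\t1\n'
  printf '1\t1.100000\t1\n'
  printf '1\t1.350000\t2\n'
  printf '2\t2.000000\t1\n'
}
```

Output is `gap-in-seconds stream-id`, sorted so the slowest handshake is last; `tcp.stream == N` in Wireshark then jumps to that conversation.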