Saturday 26 September 2015

Wireshark notes - 4 - Tips

Try to keep Wireshark trace files to a maximum size of 100 MB.

Define a useful naming scheme for your trace files as soon as possible. Consider including capture location, capture purpose and any notes about the trace file in your trace file names.
sw1-msmith-slowsalesforce.pcapng
sw1-msmith-backgroundidle.pcapng
local-gspicer-slowbrowse.pcapng
local-gspicer-uploadstuck.pcapng
fs2-disconnects.pcapng
rtr2side1-slowpath.pcapng
rtr2side2-slowpath.pcapng


Tips for Analyzing TCP-Based Applications

- Look at the TCP handshake to get a snapshot of round trip time.
   If capturing at the client, measure the time between the SYN and the SYN/ACK.
   If capturing at the server, measure the time between the SYN/ACK and ACK.
- Open SYN and SYN/ACK packets and examine TCP peer capabilities (TCP Options).
   Decent MSS size?
   SACK supported by both?
   Window Scaling supported by both?
   Decent scaling factor?
- Launch the IO Graph and look for drops in throughput.
   Add the Bad TCP coloring rule filter to the IO Graph to correlate drops in throughput with TCP issues (the Golden Graph).
- Open the Expert Infos to view detected problems.
   Focus on Errors, Warnings and Notes.
   Expand sections and click on packets to jump to that location in the trace file and explore further.
- View and sort the TCP Delta column (tcp.time_delta).
   Sort the column from high to low and examine delays.
   Do not get distracted by "normal delays" (refer to Do not Focus on "Normal" or Acceptable Delays).
- View and sort the Calculated window size field to look for issues.
   Do not worry about FIN or RST packets with Window 0 values.
   Look for low window size values and delays in close proximity.
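The checklist above can be scripted once the fields are exported with tshark (`tshark -r trace.pcapng -T fields -e frame.time_relative -e tcp.stream -e tcp.flags -e tcp.options.mss_val -e tcp.options.sack_perm -e tcp.options.wscale.shift -e tcp.window_size`). The Python below is an added example, not from the original post; it parses a constructed five-packet sample in that tab-separated layout and applies the handshake RTT, peer capability, TCP delta and zero-window checks.

```python
SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04
FIELDS = ["time", "stream", "flags", "mss", "sack_perm", "wscale", "win"]

# Constructed sample (not a real capture): one stream, handshake, then a stall.
SAMPLE = (
    "0.000000\t0\t0x002\t1460\t1\t7\t64240\n"   # client SYN: MSS 1460, SACK, wscale 7
    "0.048120\t0\t0x012\t1380\t\t\t65535\n"     # server SYN/ACK: no SACK, no wscale
    "0.048300\t0\t0x010\t\t\t\t502\n"           # client ACK completes the handshake
    "0.310000\t0\t0x010\t\t\t\t0\n"             # zero window mid-connection: a real issue
    "0.350000\t0\t0x011\t\t\t\t0\n"             # FIN/ACK with window 0: expected, ignore
)

def parse(text):
    """Turn tshark -T fields lines into dicts; empty option fields become None/False."""
    rows = []
    for line in text.splitlines():
        r = dict(zip(FIELDS, line.split("\t")))
        rows.append({"time": float(r["time"]), "stream": int(r["stream"]),
                     "flags": int(r["flags"], 16), "win": int(r["win"]),
                     "mss": int(r["mss"]) if r["mss"] else None,
                     "sack": r["sack_perm"] == "1",
                     "wscale": int(r["wscale"]) if r["wscale"] else None})
    return rows

def handshake_rtt(pkts, vantage):
    """Client side: SYN -> SYN/ACK. Server side: SYN/ACK -> ACK."""
    syn = next(p for p in pkts if (p["flags"] & (SYN | ACK)) == SYN)
    synack = next(p for p in pkts if (p["flags"] & (SYN | ACK)) == (SYN | ACK))
    ack = next(p for p in pkts if p["time"] > synack["time"] and (p["flags"] & (SYN | ACK)) == ACK)
    return synack["time"] - syn["time"] if vantage == "client" else ack["time"] - synack["time"]

def peer_capabilities(pkts):
    """Compare the options both peers advertised in SYN and SYN/ACK."""
    syn, synack = [p for p in pkts if p["flags"] & SYN][:2]
    return {"mss": min(syn["mss"], synack["mss"]),
            "sack_both": syn["sack"] and synack["sack"],
            "wscale_both": syn["wscale"] is not None and synack["wscale"] is not None,
            "scale_factors": (syn["wscale"], synack["wscale"])}

def large_deltas(pkts, threshold):
    """tcp.time_delta per stream, kept when >= threshold, sorted high to low."""
    last, out = {}, []
    for p in pkts:
        delta = p["time"] - last.get(p["stream"], p["time"])
        last[p["stream"]] = p["time"]
        if delta >= threshold:
            out.append((round(delta, 6), p["time"]))
    return sorted(out, reverse=True)

def zero_window_issues(pkts):
    """Window 0 on anything other than FIN/RST is a stall worth investigating."""
    return [p["time"] for p in pkts if p["win"] == 0 and not p["flags"] & (FIN | RST)]

PKTS = parse(SAMPLE)
```

On the sample, the server turns out to lack SACK and window scaling, the 0.26 s delta lands right next to the zero-window packet, and the FIN with window 0 is correctly ignored.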

Tips for Locating the Cause of Intermittent Problems

Consider using a Ring Buffer during the capture process. To capture intermittent problems, set up a capture machine close to one of the machines that experiences the problem. Start capturing traffic to a file set and define the number of files to be saved by the Ring Buffer. Do not set an auto stop condition—stop the capture as soon as possible after the problem occurs.


When you stop capturing, the last file is displayed. Work backwards through this file and then the other files in the file set to locate the problem. Select File | File Set | List Files to view and navigate between files in the file set.

Tips for Detecting WLAN Problems

You need to capture the 802.11 Management, Control and Data frames, the 802.11 header, and have a pseudoheader applied. Management and Control frames are necessary to identify problems with associating and authenticating to a WLAN. Data frames provide us with the actual throughput rates on a WLAN.

Tips for Sanitizing Trace Files

Security rule: Never share trace files that may contain confidential information. Use TraceWrangler that was created specifically to sanitize .pcapng files.

Tips for When You Get Stuck

Search www.ietf.org, www.wiresharkbook.com/resources.html, and also consider asking for help at ask.wireshark.org. 


2 comments:

  1. Does your website have a contact page? I'm having trouble locating it but, I'd like to send you an e-mail. I've got some suggestions for your blog you might be interested in hearing. Either way, great website and I look forward to seeing it grow over time.

  2. I am now not certain where you are getting your information, but good topic. I need to spend some time studying more or figuring out more. Thank you for the magnificent information; I was searching for this info for my mission.
