wireshark basics
NDI Communications - Engineering & Training
Network Analysis Using Wireshark
Presented by: Yoram Orzach, NDI
Page 2
Chapter Content
A few words about troubleshooting tools
Wireshark – basics
Wireshark – advanced features
Case studies
Page 3
Network TS Tools
By the end of this lesson, you will be able to understand and use:
1. PC tools – Ping, Tracert, Netstat, ARP ...
2. Access to communication equipment – switches, routers ...
3. Protocol analyzers – Wireshark (formerly Ethereal), Sniffer® ...
4. SNMP tools – SNMPc, WhatsUp Gold, HP-OV NNM ...
5. Special tools – NetFlow, SolarWinds ...
6. Dedicated analyzers – Agilent, Spirent, ...
Page 4
1. PC tools – Ping, Tracert, Netstat, ARP ...
End-to-end basic connectivity
First “feeling” of the network behavior
Page 5
2. Access to communication equipment – switches, routers, ...
Local data – counters in the equipment itself
For local problem isolation
Page 6
3. Protocol analyzers – Wireshark (formerly Ethereal), Sniffer® ...
Local, in-depth, packet-by-packet protocol analysis of network traffic
Network, hardware and application behavior
Page 7
4. SNMP tools – SNMPc, WhatsUp Gold, HP-OV NNM ...
Continuous monitoring and mapping
Events and notifications
Maps system
Mostly SNMP based
Page 8
5. Special tools – NetFlow, SolarWinds ...
Traffic analysis, engineering tools etc. ...
Page 9
6. Dedicated analyzers – Agilent, Spirent, ...
Simulators, application tests etc. ...
Page 10
Where to Locate Wireshark?
For server monitoring: connect the laptop to the LAN switch, with a port mirror to the monitored server
For WAN monitoring: connect the laptop to the LAN switch, with a port mirror to the monitored router
For Internet connectivity monitoring: before or after the firewall
Page 11
Chapter Content
A few words about troubleshooting tools
Wireshark – basics
Wireshark – advanced features
Case studies
Page 12
How to Connect to the Network
[Diagram: LAN switch with a monitoring port and a monitored port]
Test method:
Port monitor on the LAN switch
In parallel on a hub (if you have one)
Page 13
The Interface (Version 1.2.0)
Page 14
What Can We Do with It, and What Can't We?
What we can:
Capture packets
Watch smart statistics
Define filters – capture and display
Analyze problems
What we cannot:
It is not an automatic tool
It is not suitable for long-term monitoring
It is not a “magic” tool
Page 15
TCP/IP Protocol Stack - Reminder
OSI Layer 5-7: Telnet, SNMP, HTTP, FTP, DNS, SMTP
OSI Layer 4: TCP, UDP
OSI Layer 3: IP, ICMP, ARP
OSI Layer 1/2: Ethernet, T.R., F.R., DialUp, ISDN, ATM
Page 16
Data Structure
[Figure: encapsulation. Layer 5-7, Layer 4, Layer 3 and Layer 2 each add an Over-head field and an optional (Op.) Err field around their Data; Layer 1 carries only Data]
Page 17
Data Structure
Page 18
Data Flow
[Figure: Host – Eth. – Router – Public Data Network – Router – Eth. – Server. On each link the bit stream carries nested units of OH, Data and E: HTTP (L-5/6/7) inside TCP (L4) inside IP (L3) inside the link's L2 frame, Ethernet (L2) or FR (L2)]
Page 19
Frame Format – Ethernet II / 802.3
Ethernet II (field sizes in bytes): PA (8), Dest. Address (6), Source Address (6), Type (2; IP, IPX, AppleTalk), Data, Pad, CRC (4)
IEEE 802.3 (field sizes in bytes): PA (7), SFD (1), Dest. Address (6), Source Address (6), Length (2), Data, Pad, CRC (4)
Page 20
Ethernet Frame Example
Page 21
IP Datagram Format
[Figure: bit stream carrying Ethernet (L2), IP (L3), TCP (L4) and HTTP (L-5/6/7) units, each with H, Data and E; the header of the IP (L3) unit is marked “This is the IP header”]
Page 22
IP Datagram Format
IP datagram layout (each row is 32 bits):
Ver – IP protocol version number
Head. len – header length (in bytes)
Type of service – “type” of data
Length – total datagram length (in bytes)
16-bit identifier, flgs, Fragment offset – for fragmentation and reassembly
Time to live – max. no. of remaining hops (decremented at each router)
Upper layer – upper layer protocol to which payload is delivered
Internet checksum
32 bit source IP address
32 bit destination IP address
Options (if any) – e.g. timestamp, record route taken, specify list of routers to visit
Data (variable length, typically a TCP or UDP segment)
Page 23
Page 24
IP Packet Example
Page 25
UDP Frame Structure
There are only four fields in the UDP header:
Source port
Destination port
Message length
Message checksum
UDP segment format (each row is 32 bits): source port #, dest port #, length, checksum, application data (message)
length – length, in bytes, of UDP segment, including header
checksum – frame checksum
Page 26
TCP Message Structure
TCP segment format (each row is 32 bits):
source port #, dest port # – port numbers
sequence number – numbering of sent data
acknowledgement number – ACK numbers to confirm data arrival
head len, not used, flags (U, A, P, R, S, F)
rcvr window size – # of bytes rcvr is willing to accept
checksum
ptr urgent data – in case of URG, the pointer indicates the data location
Options (variable length)
application data (variable length)
Flags:
URG – urgent data (generally not used)
ACK – ACK # valid
PSH – push data now
RST – connection reset
SYN – start session
FIN – end session
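The Ethernet II / 802.3, IP, UDP and TCP layouts from the preceding slides, decoded in code. This is an added example, not part of the original slides: it builds one constructed frame (the MAC and IP addresses are sample values) and walks the headers field by field, including the Type-versus-Length decision and the IP header checksum.

```python
import socket
import struct

ETHERTYPE_MIN = 0x0600   # type/length >= 1536: Ethernet II type; <= 1500: 802.3 length
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bit 0 (FIN) .. bit 5 (URG)


def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of big-endian 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed sample: Ethernet II / IPv4 / TCP SYN to port 80, no payload."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.168.2.100"), socket.inet_aton("192.168.0.1"))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("000815000815") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + tcp   # TCP checksum left at 0; it is not verified below


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet, IPv4 and TCP/UDP headers of one frame (no preamble, no CRC)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":")}
    if type_len < ETHERTYPE_MIN:
        out.update(framing="IEEE 802.3", length=type_len)
        return out
    out.update(framing="Ethernet II", ethertype=type_len)
    ip = frame[14:]
    if type_len != 0x0800 or len(ip) < 20:
        return out
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _, s, d = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length field counts 32-bit words
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IP header length")
    out["ip"] = {
        "version": ver_ihl >> 4, "header_len": ihl, "tos": tos, "total_len": total_len,
        "id": ident, "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto,
        "src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d),
        "checksum_ok": inet_checksum(ip[:ihl]) == 0,   # a valid header sums to zero
    }
    l4 = ip[ihl:total_len]              # total_len also trims Ethernet padding
    if proto == 6 and len(l4) >= 20:
        sport, dport, seq, ack, off, flags, win, _, urg = struct.unpack("!HHIIBBHHH", l4[:20])
        out["tcp"] = {
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (off >> 4) * 4, "window": win, "urgent_ptr": urg,
            "flags": [n for i, n in enumerate(TCP_FLAGS) if flags & (1 << i)],
            "payload_len": len(l4) - (off >> 4) * 4,
        }
    elif proto == 17 and len(l4) >= 8:
        sport, dport, length, csum = struct.unpack("!HHHH", l4[:8])
        out["udp"] = {"sport": sport, "dport": dport, "length": length, "checksum": csum}
    return out


if __name__ == "__main__":
    for layer, fields in parse_frame(build_sample_frame()).items():
        print(layer, fields)
```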
Page 27
TCP Packet Example
Page 28
Some Problems that Happened ...
1. A heavy load (nearly nothing works), from remote offices to the center
2. Very slow connection to an HTTP server farm behind a load balancer
3. Slow DB server response
4. Slow application
5. Is it a problem?
Wait and see how they were solved
Page 29
Choose the Interface and Start the Capture
Page 30
And You Will Get:
Packet List
Packet Details
Packet Bytes
Page 31
Or – Define Capture Options
Buffer size – in order not to fill your laptop disk
Capture all packets on the network
Capture filter
Capture in multiple files
When to automatically stop the capture
Display options
Name resolution options
Page 32
And if you want to see some details:
Example (W-LAN): Received Signal Strength Indication (RSSI) and link speed (BW)
Page 33
Example 1 – HTTP session Opened
SYN
SYN, ACK
ACK
Page 34
But why bother? Wireshark gives it to you!
Flow Graph: gives us a graphical flow, for a better understanding of what we see
Page 35
Here we go
Page 36
But What Happened Here ???
Retransmissions, Duplicate Ack, Previous segment loss …..
Page 37
Capture Filters
Capture Interfaces Options:
Filter examples:
ether host 00:08:15:00:08:15
host 192.168.0.1
tcp port http
tcp port 23 and src host 10.0.0.5
Page 38
Page 39
Example #2 – Capture traffic to www.ynet.co.il
Capture filter definition: host www.ynet.co.il
Page 40
Display Filters
Page 41
Example #3 – Filter Traffic Between Hosts
Hosts: 172.16.100.111 and 172.16.100.12
Port mirror to be configured from the laptop to the server port or the PC port
Page 42
Example #3 – Filter Traffic Between Hosts
ip.addr == 172.16.100.111 and ip.addr == 172.16.100.12
Page 43
Example #4 – Filter Traffic Between Hosts
Port mirror to be configured from the laptop, to the router port
192.168.101.253
Page 44
Example #4 – Filter Traffic Between Hosts
ip.addr == 192.168.101.253
Page 45
Statistics – Protocol Hierarchy
Page 46
Statistics - Conversations
With some manipulation
Page 47
Statistics – Conversations - What can we do with it?
On Layer-2 (Ethernet) – To find and isolate broadcast storms
And then to go to the switch, and find the troublemaker
Page 48
Statistics – Conversations - What can we do with it?
On Layer-3/4 (TCP/IP) – To connect in parallel to the Internet router port, and check who is loading the line to the ISP
And then to go to him/her, and ask questions ……
Page 49
Statistics – I/O Graph
During an HTTP download, we see the following I/O graph:
Is it a problem, or just the way it works ???
Page 50
Saving and Manipulating Files
Save only displayed packets
Page 51
Saving and Manipulating Files
Save to XLS file
Page 52
And You Will Get:
Additional calculation for finding the DELAY
Page 53
Filtering a Specific TCP Stream
Page 54
Filtering a Specific TCP Stream
Page 55
Colorizing Specific Data
We want to watch a specific protocol throughout the capture file
Page 56
Colorizing Specific Data
Page 57
Colorizing Specific Data
Page 58
Colorizing Specific Data (TLS Connection Establishment)
Page 59
Chapter Content
A few words about troubleshooting tools
Wireshark – basics
Wireshark – advanced features
Case studies
Page 60
Analyze – Expert Info Composite
Page 61
What is Retransmission?
Page 62
Take a pen and paper (colors will help), and try to figure out what happened …
Hosts: 212.143.162.136 and 192.168.2.100
Frame 555, SEQ 725, ACK 191 (time 9.938940)
Frame 600, SEQ 191, ACK 1349 (time 10.137339)
Frame 601, SEQ 1643, ACK 1349 (time 10.138715)
Frame 602, SEQ 1349, ACK 3095 (time 10.138757)
Frame 603, SEQ 3095, ACK 1349 (time 10.138860)
Frame 604, SEQ 1349, ACK 3105 (time 10.138757)
Frame 639, SEQ 191, ACK 1349 (time 10.589888) – Retransmission
RTO expires: 10.589888 - 10.137339 = 0.4525 sec
Happens when: lost frame (RTO expires)
Cause:
Slow server/PC
Errors / packet loss
Sudden increase in delay
Page 63
What is DupAck (Duplicate Ack)?
Hosts: 212.143.162.136 and 192.168.2.100
Frame 555, SEQ 725, ACK 191 (time 9.938940)
Frame 600, SEQ 191, ACK 1349 (time 10.137339)
Frame 601, SEQ 1643, ACK 1349 (time 10.138715)
Frame 602, SEQ 1349, ACK 3095 (time 10.138757)
Frame 603, SEQ 3095, ACK 1349 (time 10.138860)
Frame 604, SEQ 1349, ACK 3105 (time 10.138757)
Frame 639, SEQ 191, ACK 1349 (time 10.589888)
RTO expires: 10.589888 - 10.137339 = 0.4525 sec
Frame 640, SEQ 2023, ACK 3105 (time 10.589923)
Frame 641, SEQ 3095, ACK 1349 (time 10.595574)
Frame 642, SEQ 2023, ACK 3105 (time 10.595610)
Frame 644, SEQ 3105, ACK 2023 (time 10.595574)
DUPACK (marked twice on the diagram)
Happens when: unexpected (not in order) sequence number
Cause: strong delay variations
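The retransmission and duplicate-ACK walk-throughs on the two slides above, replayed in code. This is an added example, not part of the original slides and not Wireshark's own logic: a simplified per-sender bookkeeping run over the frames printed on the slides. The sender labels "A"/"B" and the payload lengths are not on the slides; they are assumptions inferred from SEQ/ACK continuity.

```python
# Segments from the slides: (frame, time, sender, seq, ack, payload_len).
# ASSUMPTIONS: sender ("A"/"B"; which IP is which is not recoverable) and payload_len
# are inferred from SEQ/ACK continuity. Frames 605-638 and 643 are not shown on the
# slides. Timestamps are copied as printed, so they are not strictly increasing.
SEGMENTS = [
    (555,  9.938940, "A",  725,  191,  624),
    (600, 10.137339, "B",  191, 1349, 1452),
    (601, 10.138715, "B", 1643, 1349, 1452),
    (602, 10.138757, "A", 1349, 3095,    0),
    (603, 10.138860, "B", 3095, 1349,   10),
    (604, 10.138757, "A", 1349, 3105,    0),
    (639, 10.589888, "B",  191, 1349, 1452),
    (640, 10.589923, "A", 2023, 3105,    0),
    (641, 10.595574, "B", 3095, 1349,   10),
    (642, 10.595610, "A", 2023, 3105,    0),
    (644, 10.595574, "B", 3105, 2023,    0),
]


def analyze(segments):
    """Flag retransmissions and duplicate ACKs per sender, in capture order.

    Simplified bookkeeping: no sequence wrap-around, SACK or window checks.
    """
    next_seq = {}     # sender -> highest seq + len sent so far
    first_sent = {}   # (sender, seq) -> time the data was first sent
    last_ack = {}     # sender -> (ack value, frame that first carried it)
    results = {}
    for frame, t, sender, seq, ack, length in segments:
        info = {"label": "normal", "rto_gap": None, "dup_of": None}
        prev_ack, prev_frame = last_ack.get(sender, (None, None))
        if length > 0 and seq + length <= next_seq.get(sender, 0):
            # Data that this sender already sent once: a retransmission.
            info["label"] = "retransmission"
            if (sender, seq) in first_sent:
                info["rto_gap"] = round(t - first_sent[(sender, seq)], 6)
        elif length == 0 and ack == prev_ack:
            # Empty segment repeating the sender's previous ACK number.
            info["label"] = "dup_ack"
            info["dup_of"] = prev_frame
        if length > 0:
            first_sent.setdefault((sender, seq), t)
        next_seq[sender] = max(next_seq.get(sender, 0), seq + length)
        if ack != prev_ack:
            last_ack[sender] = (ack, frame)
        results[frame] = info
    return results


if __name__ == "__main__":
    for frame, info in analyze(SEGMENTS).items():
        print(frame, info)
```

Frame 639 comes out as a retransmission 0.452549 s after frame 600, the slide's RTO figure, and frames 640 and 642 as duplicates of the ACK first sent in frame 604.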
Page 64
Statistics – TCP Stream Graph
Page 65
Round-Trip Time Graph
RTT vs. sequence numbers gives us the time it takes to ACK every packet.
In case of variations, it can cause DUPACKs and even retransmissions.
Usually happens on communication lines:
Over the Internet
Over cellular networks
Page 66
Time / Sequence Graph (Stevens) (#1)
Seq No [B]
Time [Sec]
Time / Sequence represents how sequence numbers advance with time
In a good connection (like in the example), the line will be linear
The angle of the line indicates the speed of the connection. In this example – fast connection
Page 67
Time / Sequence Graph (Stevens) (#2)
Seq No [B]
Time [Sec]
In this case, we see a non-contiguous graph
Can be due to:
Severe packet loss
Server response (processing) time
Page 68
Example A - Stable Performance File Transfer
Page 69
Example A - Stable Performance File Transfer
A stable throughput of around 1MB/8Mb per second
It is important to test in parallel with an SNMP tool for channel capacity
Page 70
Example B – Non-Stable Performance Mail Transfer
Page 71
Example B – Non-Stable Performance File Transfer
Something happened here (after ~5.25 seconds)
Page 72
Example B – Non-Stable Performance File Transfer
5.25 seconds after start of stream, we don’t see any connectivity problems – probably slow server/applications
Page 73
RTP Connectivity
Stable stream
BW
Page 74
Chapter Content
A few words about troubleshooting tools
Wireshark – basics
Wireshark – advanced features
Case studies
Page 75
Case Study #1 – Remote offices become very slow
Test methodology:
With SNMP, measure traffic to center
Result – heavy traffic
With Wireshark, test who generates the traffic
192.168.110.0/24
Page 76
Case Study #1 – Remote offices become very slow
Page 77
Case Study #1 – Remote offices become very slow
WORM!!!
Page 78
Case Study #1 – Remote offices become very slow
You can see it also in: Statistics → Conversations → IPv4
Page 79
Case #2 – Slow HTTP Server Response
Addresses in the diagram: 192.168.200.227; LB 192.168.3.50; 192.168.1.58, 192.168.1.46, 192.168.1…..; 192.168.2.138
Page 80
Case #2 - Client Side
Page 81
Case #2 - Server Side
Page 82
Case #3 – Slow DB Response
10.2.1.105 and 10.1.1.7
Frame Relay Network (Year 2000)
Page 83
Case #3 – Slow DB Response
Connection Establishment
Page 84
Case #3 – Slow DB Response
And more packets (900+ since beginning of connection) ...
Page 85
Case #3 – Slow DB Response
And more packets (2000+ since beginning of connection) ...
40 ms delay between packets
2000 packets * 40 ms = 80 sec application delay !!!
Page 86
Case #4 – Another Slow Application
Page 87
Case #4 – Another Slow Application
Analyze – Expert Info Composite gives us:
Something here stinks …..
Page 88
Case #4 – Another Slow Application
Strong RTT variations !!! (a problem with client-server)
Page 89
Case #4 – Another Slow Application
Page 90
Case #5 - Do we have a Problem ???
Page 91
Case #5 – and the Throughput Graph Shows …
Ooops …..
But, is it really a problem ???
Page 92
Case #5 – Expert Info Composite shows ….
Ooops …..
Nearly no events over here ……..
Page 93
Case #5 – This is what the application does ….
Interactive open/close read/write application
This is what it requires from the network ….
Page 94
Case #6 – FTP over Cellular Connection
Page 95
Summary