Scribd Logo
Upload

Welcome to Scribd!

  • T2 4 Chappell Trace File Analysis Latency

    Uploaded by

    Pasarel Cel Dragutzel
    36 views12 pages
    This document discusses analyzing network performance issues such as latency using trace file analysis in Wireshark. It explains how to identify wire latency, client latency, and server latency by examining the time between steps in the TCP handshake process and data transfer, such as between the SYN and SYN ACK packets. High latency times between certain steps would indicate where the latency issue is located, such as on the network path, client, or server. The document provides examples of analyzing latency issues using packet captures.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses analyzing network performance issues such as latency using trace file analysis in Wireshark. It explains how to identify wire latency, client latency, and server latency by examining the time between steps in the TCP handshake process and data transfer, such as between the SYN and SYN ACK packets. High latency times between certain steps would indicate where the latency issue is located, such as on the network path, client, or server. The document provides examples of analyzing latency issues using packet captures.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    36 views12 pages

    T2 4 Chappell Trace File Analysis Latency

    Uploaded by

    Pasarel Cel Dragutzel
    This document discusses analyzing network performance issues such as latency using trace file analysis in Wireshark. It explains how to identify wire latency, client latency, and server latency by examining the time between steps in the TCP handshake process and data transfer, such as between the SYN and SYN ACK packets. High latency times between certain steps would indicate where the latency issue is located, such as on the network path, client, or server. The document provides examples of analyzing latency issues using packet captures.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 12

    Trace File Analysis

    Identifying Wire Latency, Client Latency, Server Latency

    Laura Chappell
    Founder | Wireshark University
    SHARKFEST '08 Foothill College March 31 - April 2, 2008

    SHARKFEST '08 | Foothill College | March 31 - April 2, 2008

    Full Speed

    Traffic TAP

    1 Gb
    Capture and Injection

    2 Copper ports

    Wireshark

    Aggregation

    WinPcap

    Analyzing Network Performance Issues


    Key Issues: High Latency (Client, Server, Link) Packet Loss (Upstream, Downstream) Congestion (Network, Receiver) Configuration Problems (Service Unavailable, Loops) Redirections (Routing, Service) Interdependencies (Third Parties) Low throughput (Itty-Bitty Bitty Stinkin Packets) Negotiation Faults (Protocol or Application Layer)

    Wire Latency - Client Latency - Server Latency

    SYN SYN ACK ACK GET / ACK DATA

    Wire Latency - Client Latency - Server Latency

    SYN 1 SYN ACK ACK GET / ACK DATA 1


    Time between the SYN and SYN ACK indicates the roundtrip wire latency time and processing through the TCP/IP stack to establish a connection. If this takes a long time on average, consider looking at links and devices along the network path that might be introducing latency.

    Wire Latency - Client Latency - Server Latency

    SYN SYN ACK 2 ACK GET / ACK DATA 2 Time between the SYN ACK and the ACK indicates the speed of the client in responding this only relates to the client's TCP/IP stack, not their ability to process applications.

    Wire Latency - Client Latency - Server Latency

    SYN SYN ACK ACK 3 GET / ACK DATA 3


    Time between the ACK and the GET command (or whatever command is sent next) indicates the speed of the client's application to make requests. Applications typically make an immediate request to the server upon completion of the TCP hanshake process. (Exception applications that wait for a server to send data first FTP, for example the client waits for the banner.)

    Wire Latency - Client Latency - Server Latency

    SYN SYN ACK ACK GET / 4 ACK DATA Time between the GET command and the ACK indicates wire latency again. If this takes a long time, then look at the network path again.

    Wire Latency - Client Latency - Server Latency

    SYN SYN ACK ACK GET / ACK 5 DATA 5


    Time from the GET command to the actual return of data indicates the time required by the server to process the request and get the data back to the client. If this time value is high (but #4 is low), then we'd look at the server as the slow one in this connection.

    Lab: Latency
    Issue: downloads take too long File: download-bad.pcap Review the handshake process and evaluate the time between:
    SYN and SYN ACK SYN ACK and ACK GET and related ACK ACK and data requested _______ ms _______ ms _______ ms _______ ms

    At this point, where does the latency problem appear to be located? Server? Client? Wire?

    Lab: Latency
    Issue: downloads take too long File: anotherlousyhotelnetwork.pcap Review the handshake process and evaluate the time between:
    DNS query DNS response SYN and SYN ACK SYN ACK and ACK GET and related ACK ACK and data requested _______ ms _______ ms _______ ms _______ ms _______ ms _______ ms

    At this point, where does the latency problem appear to be located? Server? Client? Wire?

    Whats Next?
    Lauras Lab Kit v9 In show bags as well as ISO image: www.novell.com/connectionmagazine/laurachappell.html

    You might also like