Wireshark-bugs: [Wireshark-bugs] [Bug 8647] SUM(tcp.time_delta)tcp.time_delta incorrect
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 19 May 2013 18:15:13 +0000

Comment # 6 on bug 8647 from 
OK, for file-copy.pcap, the syntax you demonstrate delivers the results I would
expect, sanity-checked using Excel.

I note several remaining issues though ... issues which may, of course, reflect
my ignorance more than a bug in Wireshark.

(a) The GUI approach (Wireshark) to the tshark "-z io,stat..." calculation does
not work for me.

(b) When I employ a second trace (this one illustrating an HTTP conversation),
tshark and Excel deliver differing results (and the GUI approach continues to
deliver nothing).

Background:
-Several years ago, I wrote an article for the UseNix Association's publication
";login" describing how to use various techniques to estimate the contributions
of the Client, the Network, and the Server to the total performance 'pie', i.e.
to the total transaction time.
http://www.skendric.com/app/make-cns-pie/Making-Client-Network-Server-Pie.pdf

On p.16 of that document, I demonstrated how to use tshark to perform this
calculation ... using a Display Filter ('-R') rather than an io,stat filter ...
perhaps I was simply propagating inaccurate information, perhaps tshark behaved
differently back then (v1.7.1)

-Today, I'm prepping course material for my Hands-On Lab at Sharkfest in June
... one of the case studies pushes the students toward calculating which of the
three -- Client, Network, Server -- is contributing the bulk of the drag on
performance.  So I'm brushing up on this technique, ergo my post to
wireshark-users on this topic, and my (possibly inaccurate) bug post.

In a moment, I will upload a number of attachments:
(1)
Grappling-with-IOStat-Commands.pdf
Illustrates how Excel & tshark agree, but the GUI does not deliver the results
I once saw in v1.7.1

(2)
File-Copy-tcp-src-port-445.*
File-Copy-tcp-dst-port-445.*
The text & Excel files which validate tshark's "-z io,stat..." calculation

(3)
Akamai.pcap
The trace file containing a Web browsing session in which content is downloaded
from Akamai

(4)
Akamai-tcp-src-port-80.*
Akamai-tcp-dst-port-80.*
The text & Excel files which contradict tshark's "-z io,stat..." calculation

So, I'm claiming that:
(A) The Wireshark GUI does not perform the IO/Stat calculations that it once
did
(B) tshark does not perform "-z io,stat..." calculations as predictably as we
might like

... realizing of course that perhaps I'm making errors of my own in the work
leading up to these claims.

After I click 'Save Changes' on this response, I shall go tackle a third trace,
see if I can replicate the issue.

--sk

You are receiving this mail because:
  • You are watching all bug changes.