Wireshark-users: Re: [Wireshark-users] Question on Internet Performance Troubleshooting
From: "Laura Chappell" <lchappell@xxxxxxxxxxxxxxxx>
Date: Fri, 2 Mar 2007 10:13:53 -0800
Jim, 

If you can capture on both sides of the firewall with two time synced WS
systems then you can merge the trace files and note the delay at the
firewall. 

10% is really high - now it may be that there is packet loss somewhere
upstream (closer to the HTTP server) and it's not your firewall's fault at
all.  When we a high number of lost packets (which, during the file download
will cause duplicate ACKs from the client and retransmissions from the
server) we'll run ping potter or ping path to identify where packet loss may
be occurring - you're kind of comparing apples to oranges, however and may
find your itty bitty pings go flying through while larger packets are
dropped. We have noted a router upstream from us that is dropping packets
through this process, however. 

Do you only find the packet loss when the firewall is in place? Have you
tried jacking in outside the firewall to perform the same download? What
latency times are you seeing? If your duplicate ACK count gets really high
(not just up to DUPE ACK #2 or so), then you may look into latency issues as
well. 

Laura
lchappell@xxxxxxxxxxxxxxxx
 
This message is intended only for the use of the addressee and may contain
information that is privileged and confidential. If you are not the intended
recipient, you are hereby notified that any use and/or dissemination of this
communication is strictly prohibited. If you have received this
communication in error, please delete all copies of the message and its
attachments and notify the sender immediately.


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Small, James
Sent: Friday, March 02, 2007 8:51 AM
To: Community support list for Wireshark
Subject: [Wireshark-users] Question on Internet Performance Troubleshooting

Hello,

Recently while installing a firewall for someone, I noticed that the
firewall seemed to cause/exacerbate Internet performance issues.  There
were some issues even without the firewall, but the firewall definitely
made the issues significantly worse.

Of course I used Wireshark to perform a whole bunch of captures but I
could not figure out anything definitive.

I did notice that when I had a "problem" connection which would exhibit
erratic throughput (for example, an http download), that there seemed to
be a fairly high number of duplicate acks/retransmissions/out of order
packets - around 10%.

My question is - for trying to monitor/isolate/troubleshoot network
performance problems, are there any addition ways I can leverage
Wireshark or use complimentary tools?

What about simulation?  Would anyone recommend something like this to
help?  If so, could you recommend a tool to use in concert with
Wireshark?

Thanks,
  --Jim

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users