Wireshark-users: Re: [Wireshark-users] How to interpret RTT graph
From: Hugo van der Kooij <hugo.van.der.kooij@xxxxxxxxx>
Date: Thu, 28 Mar 2019 09:06:34 +0000
Graphs are just that. They can show you some information on where to focus your investigation.
But now you have to get into the trenches and fight it out with the sessions in packet to packet combat.
Based on just a graph there is no way to answer you questions.
So you have to dig into the packet capture AND understand what you are looking at.
There is now way to do that based on an interpretation (graph) of a packet capture in an environment no one here knows anything about.
Sorry, my cristal ball is out for repairs and I'm not expecting it back anytime soon.
-----Original Message-----
From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On Behalf Of L A Walsh
Sent: Thursday, 28 March 2019 07:15
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] How to interpret RTT graph
I was looking to understand the Round Trip Time graph and why it seems to jump up and down between near 0 and 270ms. That doesn't make sense to me -- first I don't see how some of them would have an RTT time of near 0 -- I don't see how that would be possible, so I figure I don't understand how to read the graph.
Also, I don't see why the RTT would jump up and down and why there are "gaps" in the graph like between 45-85 seconds, vs. almost a solid-like appearance between 380-410s.
Here is the RTT and througput graphs I'm trying to decipher:
https://i.imgur.com/4ijLxTJ.jpg
It looks like I have a relatively low latency when the graph peaks at around 150ms, but then something causes a jump so that latency climbs to over 250ms.
It also seems to be the case where I'm getting low latency that my throughput peaks with average packet length falling from 1500 down to <100bytes.
I don't see any clear errors. or why there is such a sudden drop
Should I be looking for some type of dropped packets or errors?
Could this be cause by my ISP cutting bandwidth in a step-wise manner as a means to control? Or could this be some sort of buffer-bloat with some buffer filling up and something halting output to wait for some buffers to drain...??
Another possibility is the application on my end is running on a high speed internal net with a 9k jumbo frame size -- could the mismatch between that the external frame size of 1.5k be causing some type of hysteresis?
Any ideas on how, if it is possible I might even this out?
It sorta wreaks havok with the local application...
Thanks!
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.wireshark.org%2flists%2fwireshark-users&c=E,1,8ZTsaNKt9SeZzVOdHVaJKKMZ34t7oRBLgJ8QJ3YXFu-GWQgY3-aqBRMtrYwzaHC1h0uBWfzcBeizriU4BhD935QttWCKY5uHvJhIxQkcz_9gLbwsSSZlvLYS7A,,&typo=1
Unsubscribe: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.wireshark.org%2fmailman%2foptions%2fwireshark-users&c=E,1,-snK-HCy8u_ZyNshnrpjna6CNcpbKQLU2YLFOkH8ZCyX51t8oIpMoSc3ZfuMAUXoj48UEJex4yovrTc1nJTL943AxSP6rl0x7xJOymGA3Msy64w,&typo=1
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
But now you have to get into the trenches and fight it out with the sessions in packet to packet combat.
Based on just a graph there is no way to answer you questions.
So you have to dig into the packet capture AND understand what you are looking at.
There is now way to do that based on an interpretation (graph) of a packet capture in an environment no one here knows anything about.
Sorry, my cristal ball is out for repairs and I'm not expecting it back anytime soon.
Met vriendelijke groet / Kind regards, | ||||||||||||||
| ||||||||||||||
| ||||||||||||||
|
From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On Behalf Of L A Walsh
Sent: Thursday, 28 March 2019 07:15
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] How to interpret RTT graph
I was looking to understand the Round Trip Time graph and why it seems to jump up and down between near 0 and 270ms. That doesn't make sense to me -- first I don't see how some of them would have an RTT time of near 0 -- I don't see how that would be possible, so I figure I don't understand how to read the graph.
Also, I don't see why the RTT would jump up and down and why there are "gaps" in the graph like between 45-85 seconds, vs. almost a solid-like appearance between 380-410s.
Here is the RTT and througput graphs I'm trying to decipher:
https://i.imgur.com/4ijLxTJ.jpg
It looks like I have a relatively low latency when the graph peaks at around 150ms, but then something causes a jump so that latency climbs to over 250ms.
It also seems to be the case where I'm getting low latency that my throughput peaks with average packet length falling from 1500 down to <100bytes.
I don't see any clear errors. or why there is such a sudden drop
Should I be looking for some type of dropped packets or errors?
Could this be cause by my ISP cutting bandwidth in a step-wise manner as a means to control? Or could this be some sort of buffer-bloat with some buffer filling up and something halting output to wait for some buffers to drain...??
Another possibility is the application on my end is running on a high speed internal net with a 9k jumbo frame size -- could the mismatch between that the external frame size of 1.5k be causing some type of hysteresis?
Any ideas on how, if it is possible I might even this out?
It sorta wreaks havok with the local application...
Thanks!
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.wireshark.org%2flists%2fwireshark-users&c=E,1,8ZTsaNKt9SeZzVOdHVaJKKMZ34t7oRBLgJ8QJ3YXFu-GWQgY3-aqBRMtrYwzaHC1h0uBWfzcBeizriU4BhD935QttWCKY5uHvJhIxQkcz_9gLbwsSSZlvLYS7A,,&typo=1
Unsubscribe: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.wireshark.org%2fmailman%2foptions%2fwireshark-users&c=E,1,-snK-HCy8u_ZyNshnrpjna6CNcpbKQLU2YLFOkH8ZCyX51t8oIpMoSc3ZfuMAUXoj48UEJex4yovrTc1nJTL943AxSP6rl0x7xJOymGA3Msy64w,&typo=1
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- [Wireshark-users] How to interpret RTT graph
- From: L A Walsh
- [Wireshark-users] How to interpret RTT graph
- Prev by Date: [Wireshark-users] How to interpret RTT graph
- Next by Date: [Wireshark-users] How to interpret RTT graph
- Previous by thread: [Wireshark-users] How to interpret RTT graph
- Next by thread: [Wireshark-users] How to interpret RTT graph
- Index(es):