Wireshark mailing list archives
Re: How to systematically determine where my network bottleneck "choke-points" are?
From: Martin Visser <martinvisser99 () gmail com>
Date: Fri, 22 Mar 2013 07:03:08 +1100
Wireshark is great for lots of things. Unfortunately though it can be a bit like using a microscope to do landscape photography - in that you take sample "images" at a particular place in time and space, and need to glue it all together to get the full picture. I would certainly use it for instance at the client side of various workstations (maybe port-mirror some of the access switch ports) to answer questions like, who is the workstation talking to and what for? Are their application bottle necks like slow authentication processes or name lookups, is the workstation using a web proxy for internal traffic when it shouldn't. You should be able to measure the response times. In the core of network you might look for obvious indicators of bad things - lots of unanswered ARP requests, ICMP "warnings" like redirects or port unreachables. If you have a fast capture box you might be able look at what peak traffic loads are (but probably only a port at a time). At the server end you also work out how successful your server is at responding to request - eg do my HTTP request to response time seem slow, or SQL response, or am I limited in how fast I can stream traffic towards the client by delay in ACKing my traffic. Ultimately it is just one tool in your box. You probably also want to look at properly instrumenting your network via SNMP or logging etc, Also getting an experience consultant simply walking through your architecture and configs will help a lot. Regards, Martin MartinVisser99 () gmail com On 21 March 2013 02:21, Ed Flecko <edflecko () gmail com> wrote:
I'm learning Wireshark and I know it can help with this problem. I have the typical WAN/WLAN combo like I'm sure you all do. Management wants to upgrade the capability of the network, so I need to figure out what network components I may need to upgrade to eliminate choke-points - do I need to upgrade switches, cabling, etc., etc., etc.? I'm open to any suggestions on how to accurately determine what I need to upgrade, but I'm SURE Wireshark can help me determine this, but I don't know how best to use it to do so. Are there any books, videos, websites, etc. that can help me with this? Thank you for your suggestions! Ed ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- How to systematically determine where my network bottleneck "choke-points" are? Ed Flecko (Mar 20)
- Re: How to systematically determine where my network bottleneck "choke-points" are? Martin Visser (Mar 21)