Wireshark mailing list archives

Re: How to systematically determine where my network bottleneck "choke-points" are?


From: Martin Visser <martinvisser99 () gmail com>
Date: Fri, 22 Mar 2013 07:03:08 +1100

Wireshark is great for lots of things. Unfortunately, though, it can be a bit
like using a microscope to do landscape photography - in that you take
sample "images" at a particular place in time and space, and need to glue
it all together to get the full picture. I would certainly use it, for
instance, at the client side of various workstations (maybe port-mirror some
of the access switch ports) to answer questions like: who is the
workstation talking to and what for? Are there application bottlenecks
like slow authentication processes or name lookups? Is the workstation
using a web proxy for internal traffic when it shouldn't? You should be
able to measure the response times. In the core of the network you might look
for obvious indicators of bad things - lots of unanswered ARP requests,
ICMP "warnings" like redirects or port unreachables. If you have a fast
capture box you might be able to look at what peak traffic loads are (but
probably only a port at a time). At the server end you can also work out how
successful your server is at responding to requests - e.g. do my HTTP
request-to-response times seem slow, or SQL responses, or am I limited in how
fast I can stream traffic towards the client by delay in ACKing my traffic?

Ultimately it is just one tool in your box. You probably also want to look
at properly instrumenting your network via SNMP or logging etc. Also,
getting an experienced consultant to simply walk through your architecture
and configs will help a lot.

Regards, Martin

MartinVisser99 () gmail com


On 21 March 2013 02:21, Ed Flecko <edflecko () gmail com> wrote:

I'm learning Wireshark and I know it can help with this problem.

I have the typical WAN/WLAN combo like I'm sure you all do.

Management wants to upgrade the capability of the network, so I need
to figure out what network components I may need to upgrade to
eliminate choke-points - do I need to upgrade switches, cabling, etc.,
etc., etc.?

I'm open to any suggestions on how to accurately determine what I need
to upgrade, but I'm SURE Wireshark can help me determine this, but I
don't know how best to use it to do so.

Are there any books, videos, websites, etc. that can help me with this?

Thank you for your suggestions!

Ed
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

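
The core-network indicators mentioned in the reply above (unanswered ARP requests, ICMP redirects and port unreachables), as an added example that is not part of the original messages. It assumes the capture was exported as tab-separated fields (frame.time_relative, arp.opcode, arp.src.proto_ipv4, arp.dst.proto_ipv4, icmp.type, icmp.code); the sample rows and the 1-second ARP timeout are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample rows: time, ARP opcode, ARP sender IP, ARP target IP,
# ICMP type, ICMP code (empty where the field is absent from the frame).
SAMPLE = """\
0.000\t1\t10.0.0.5\t10.0.0.1\t\t
0.001\t2\t10.0.0.1\t10.0.0.5\t\t
0.500\t1\t10.0.0.5\t10.0.0.77\t\t
1.500\t1\t10.0.0.5\t10.0.0.77\t\t
2.500\t1\t10.0.0.5\t10.0.0.77\t\t
3.000\t\t\t\t5\t1
3.200\t\t\t\t3\t3
3.300\t\t\t\t3\t3
4.000\t1\t10.0.0.9\t10.0.0.1\t\t
4.900\t2\t10.0.0.1\t10.0.0.9\t\t
"""

def core_indicators(text, arp_timeout=1.0):
    """Return (unanswered ARP requests per target IP, ICMP warning counts)."""
    pending = defaultdict(list)   # (requester_ip, target_ip) -> request times
    unanswered = Counter()        # target_ip -> requests with no timely reply
    icmp = Counter()              # warning name -> count
    for line in text.splitlines():
        if not line.strip():
            continue
        # Pad short rows so unpacking never fails on missing trailing fields.
        t, op, src, dst, itype, icode = (line.split("\t") + [""] * 5)[:6]
        t = float(t)
        if op == "1" and src != dst:       # request; gratuitous ARP expects no reply
            pending[(src, dst)].append(t)
        elif op == "2":                    # reply from src to the requester dst
            for sent in pending.pop((dst, src), []):
                if t - sent > arp_timeout: # reply arrived too late for this request
                    unanswered[src] += 1
        elif itype == "5":                 # ICMP redirect
            icmp["redirect"] += 1
        elif itype == "3" and icode == "3":  # destination unreachable: port
            icmp["port unreachable"] += 1
    # Anything still pending at end of capture never got a reply at all.
    for (_, target), times in pending.items():
        unanswered[target] += len(times)
    return dict(unanswered), dict(icmp)

if __name__ == "__main__":
    print(core_indicators(SAMPLE))
```

A target that accumulates unanswered requests is usually a stale address or a host that has gone away; requests seen at the very end of a capture can be counted as unanswered only because the trace stopped.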
