Wireshark mailing list archives

Re: Identifying packets beyond proxies


From: Julio Talaverano <delaflota () yahoo com>
Date: Thu, 2 Apr 2015 23:24:14 +0000 (UTC)

No, unfortunately I can't ping from one endpoint to another. No route.

Thanks


 
      From: Ed Hoeffner <hoeff001 () umn edu>
 To: 'Community support list for Wireshark' <wireshark-users () wireshark org> 
 Sent: Thursday, April 2, 2015 11:14 PM
 Subject: Re: [Wireshark-users] Identifying packets beyond proxies
   
Hi

You could ping one or both of the endpoints from the other to provide a reference point in each capture. Those packets will stand out…

Ed


    
On Apr 2, 2015, at 10:22, Julio Talaverano <delaflota () yahoo com> wrote:

Hi,

I have to investigate slow speed in the peak hours when our users surf the internet. The first problem is that we use three proxies throughout our network (A, B and C) until the last one (C) connects to the web server through the last firewall. The second problem is, we use the BitBox Enterprise solution, which means that any connections connect over a VPN to the BitBox gateway and then the traffic continues through the other proxies in clear, which means I can't follow a connection from the initiating client.

My approach is to capture the traffic on all intermediate stations in order to find out the RTTs of several HTTP packets when they enter the proxy A (Ironport) and when the same packet leaves the internet firewall. If this time is too long then I try to find the bottleneck inside our network.

So I tried a few tests accessing some unusual pages just to be sure that they are not in any of the caches and no one else is accessing them while I'm testing.

My question is now how I can reliably identify a packet along the whole path (at any intermediate capturing device)? Are the rel. SEQ# in Wireshark reliable enough? Or at least a series of identical SEQs?

Or is there a better way to do that?

Thanks
Julio

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
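
Added example, not part of the original thread or written by its participants: one way to correlate the test requests across two capture points is to match on the HTTP request itself (host and path of the "unusual pages") and subtract the timestamps. Assumptions: the traffic is cleartext HTTP at both capture points, the proxies forward the path unchanged, and the clock offset between the two capture hosts is known; the function names, hostnames and sample lines are constructed for illustration.

```python
# Added example (not from the thread). Inputs are constructed samples in the
# tab-separated format written by:
#   tshark -r FILE -Y http.request -T fields \
#          -e frame.time_epoch -e http.host -e http.request.uri

# Constructed: capture at the first proxy (clients send absolute-form URIs).
CAP_PROXY_A = (
    "1427988000.100\tprobe.example.com\thttp://probe.example.com/probe-7f3a\n"
    "1427988000.900\tprobe.example.com\thttp://probe.example.com/probe-7f3a\n"
    "1427988002.000\tprobe.example.com\thttp://probe.example.com/probe-91bc\n"
    "1427988003.500\tother.example.com\thttp://other.example.com/cached-page\n"
)
# Constructed: capture at the firewall, whose clock runs 5.0 s ahead.
CAP_FIREWALL = (
    "1427988005.350\tprobe.example.com\t/probe-7f3a\n"
    "1427988007.900\tprobe.example.com\t/probe-91bc\n"
)

def first_seen(export):
    """Map (host, path) -> earliest epoch time that request appears."""
    seen = {}
    for line in export.splitlines():
        fields = line.split("\t")
        if len(fields) != 3:
            continue  # blank or malformed line
        ts, host, uri = fields
        for scheme in ("http://", "https://"):
            if uri.lower().startswith(scheme):
                # absolute-form: keep only the path so both legs compare equal
                uri = "/" + uri[len(scheme):].partition("/")[2]
        key = (host.lower(), uri)
        seen[key] = min(float(ts), seen.get(key, float("inf")))
    return seen

def transit_times(ingress_export, egress_export, clock_offset=0.0):
    """Return ({request: seconds in transit}, [requests never seen at egress]).

    clock_offset is how far the egress clock is ahead of the ingress clock."""
    ingress, egress = first_seen(ingress_export), first_seen(egress_export)
    delays, missing = {}, []
    for key, t_in in sorted(ingress.items(), key=lambda kv: kv[1]):
        if key in egress:
            delays[key] = round(egress[key] - clock_offset - t_in, 3)
        else:
            missing.append(key)  # answered from a cache, or lost on the way
    return delays, missing

if __name__ == "__main__":
    print(transit_times(CAP_PROXY_A, CAP_FIREWALL, clock_offset=5.0))
```

Duplicate requests at one capture point (for example a repeated fetch) collapse to the earliest timestamp, so each probe URL should be requested only once per test run.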
  
