This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

bandwidth overload - lost packets

0

Hello, Recently we had problem with one of our branch office - due to bandwidth overload we had 35% of lost packets to that site. We contacted our ISP and they told us that on our 2mbit leased line we were using 2.7 mbit of bandwidth. This only happens at 3pm when most of application contact it's servers over WAN.

I have used wireshark at exact time of WAN bandwidth overload and have captured a lot of packets.. But how can I figure our which service is doing the overload of bandwidth? As I have heard most applications are optimized to test how much bandwidth there is for use and to use it so that no overload happens..

Have you ever experienced this kind of WAN behavior?

asked 09 Aug '12, 04:59

dsladojevic's gravatar image

dsladojevic
0112
accept rate: 0%

I have used wireshark at exact time of WAN bandwidth overload and have captured a lot of packets.

Where did you capture? At your client or in front of the WAN router?

(09 Aug '12, 06:17) Kurt Knochner ♦

One Answer:

2

But how can I figure our which service is doing the overload of bandwidth?

Take a look at the Protocol Statistics and at the Conversations

Statistics -> Protocol Hierarchy

Look at the percentage of the various protocols.

Statistics -> Conversations -> Tab: IPv4

Sort the output for Bytes. Take a closer look at those conversations with the most data. Do the same for the Tab "TCP" in that GUI.

Regards
Kurt

answered 09 Aug '12, 06:21

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thanks Kurt! You have really helped me find the issue!

(10 Aug '12, 03:40) dsladojevic

@dsladojevic I've converted your "answer" to a comment as that's how this site works, see the FAQ for more info.

If the answer does in fact answer your question, please accept it by clicking on the checkmark icon at the left hand side of the answer. This lets other folks know the correct answer(s) to your question.

(10 Aug '12, 03:50) grahamb ♦