This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Identifying traffic bursts

0

Hello!

I have an issue in our LAN (ca. 50 clients).

I encounter high traffic bursts (traffic peaks in a very short timeframe). The problem is that, because of that, we have quality issues with our VoIP lines, as the router cannot handle the QoS queues during these bursts.

The bursts come irregularly every 10 seconds. I can use a monitoring port to monitor the total traffic in the LAN with Wireshark.

I would like to find out where these bursts come from. How can I set the filters in order to see these bursts?

The bursts apply to the QoS filter, which detects every transfer to the VoIP provider's servers...

Many Thanks!

Henry

asked 04 Jan '13, 02:44

Henry B


One Answer:

2

You could start by using the I/O Graph in the statistics menu to see if there are spikes in the traffic. You might have to reduce the tick time to values below 1 second to be able to see very short bursts, and play around with the packets/tick and bits/tick settings as well. When you find a peak that is suspicious you can click on the graph and Wireshark will jump into that area in the packet list. In there you'll have to determine who is doing the most traffic, for example by using the conversation and endpoint statistics menu. I would probably set a filter on start and end time of the burst and then open these statistics. In there, you can select "limit to display filter" to force the statistics to only show you values for the time range you filtered on.

answered 04 Jan '13, 02:52

Jasper ♦♦
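The workflow in the answer above (sub-second ticks to find the spike, then per-conversation totals restricted to the burst window) can also be scripted over exported packet fields. This is an added example, not part of the original answer; the sample data, the 100 ms tick, and the "5x the median tick" threshold are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

TICK_MS = 100  # bin width; plays the role of an I/O Graph tick interval below 1 second

# Constructed sample in the tab-separated layout written by:
#   tshark -r capture.pcap -T fields -e frame.time_relative -e ip.src -e ip.dst -e frame.len
# (capture.pcap and all addresses are placeholders, not data from the question)
SAMPLE = "\n".join(
    [f"{i * 0.02:.3f}\t10.0.0.5\t192.0.2.10\t214" for i in range(100)]  # steady stream
    + [f"{1 + i * 0.001:.3f}\t10.0.0.23\t198.51.100.7\t1514" for i in range(80)]  # burst
)

def parse(text):
    """Return [(time_ms, src, dst, length)], skipping rows without IP addresses."""
    packets = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4 or not parts[1] or not parts[2]:
            continue  # e.g. ARP frames leave ip.src / ip.dst empty
        packets.append((round(float(parts[0]) * 1000), parts[1], parts[2], int(parts[3])))
    return packets

def find_bursts(packets, tick_ms=TICK_MS, factor=5):
    """Start times (ms) of ticks carrying more than factor x the median non-empty tick."""
    bins = defaultdict(int)
    for t, _, _, length in packets:
        bins[t // tick_ms] += length
    if not bins:
        return []
    median = sorted(bins.values())[len(bins) // 2]
    return [i * tick_ms for i, total in sorted(bins.items()) if total > factor * median]

def top_talkers(packets, start_ms, end_ms, n=3):
    """Bytes per conversation inside [start_ms, end_ms), largest first."""
    totals = Counter()
    for t, src, dst, length in packets:
        if start_ms <= t < end_ms:
            totals[tuple(sorted((src, dst)))] += length  # count both directions together
    return totals.most_common(n)

def analyze(text=SAMPLE, tick_ms=TICK_MS):
    """Map each burst start (ms) to the conversations responsible for it."""
    packets = parse(text)
    return {s: top_talkers(packets, s, s + tick_ms) for s in find_bursts(packets, tick_ms)}

if __name__ == "__main__":
    for start, talkers in analyze().items():
        print(f"burst at {start} ms:", talkers)
```

On a real capture, a reported burst start can be turned into a display filter on `frame.time_relative` for that window, so the same packets can be inspected in the packet list.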