Hi Team,

Can we decide whether a transaction is using async / sync with Wireshark? Which button / tool in Wireshark lets us see sync / async?

Thanks
Wilis

asked 15 Jul '13, 19:17 Wilis
2 Answers:
OK, so if there is only ONE client thread involved with a client <-> server endpoint pair (i.e., on any given client machine, you don't have multiple client processes or threads sending transactions to a given server between the same endpoints), then you can manually determine whether the client thread is running synchronously or asynchronously by looking at the traces; there are no built-in tools in Wireshark where you can just "push a button" and get the answer. You might be able to write, for example, a Lua script for your particular protocol that could do that; figuring out how to do that is up to you.

If there's more than one client thread using the endpoint pair, each thread might be acting synchronously, but the client as a whole might act asynchronously, with thread 1 sending a transaction and thread 2 sending another transaction before the reply from transaction 1 is sent back. Unless there's some way to identify which thread sent or received a particular packet, you can't distinguish between threads acting asynchronously and multiple synchronous threads just by looking at a network trace.

If Wireshark is not running on the client machine, then, unless the protocol has some field in it that lets you identify which thread sent a request or to which thread a reply is being sent, there's no way to determine which thread sent or received a particular packet. Even if it is running on the client machine, Wireshark doesn't currently provide a way to associate packets with processes (other than the very limited mechanism supported by OS X Mountain Lion's tcpdump, but not supported by Wireshark, which only associates process names with some outgoing packets by attaching pcap-ng comments to them), and, even if it did, that wouldn't let you identify particular threads within a process.

answered 15 Jul '13, 21:06 Guy Harris
I assume this question is a follow-up to your other question: http://ask.wireshark.org/questions/22843/discrepancy-between-psh-and-without-psh You already asked for a way to detect sync/async requests in Wireshark.
As your communication is HTTP the requests can be asynchronous or synchronous only within the logic of your software, as there is no such concept in the HTTP protocol. The communication of your client uses one TCP connection to send several HTTP/1.1 GET requests (at least according to the information you provided in your other question). As per definition of HTTP the client must wait for the answer before it is allowed to send another request (unless you use HTTP/1.1 pipelining). The structure of your communication could be called serial/sequential (request, response, request, response, etc.).

If you want to speed up the communication you need some form of parallel communication, meaning the client must open several parallel TCP connections and send different requests through these TCP connections. If the order of the client requests is not important, you don't have to synchronize these requests within the application and then we are talking about something that could be called asynchronous communication within your application.

Maybe parallel communication will solve the problem you faced in the other question. However, please see also my analysis in that question for the (real) cause of the performance problems. I think it would be easier to analyze the problem of delayed response within the server, instead of re-writing the client to use parallel communication.
UPDATE As @Guy Harris already said: There is no one-click solution in Wireshark to detect 'asynchronous' (I'd say parallel) communication in your scenario. However, you can figure out pretty easily if a client opens several parallel connections to a server by running the following command on the capture file.
Please replace:
Then look at the tcp.stream numbers (output of tshark). Is there only one number, do the numbers increase constantly or are the numbers intermixed?
Regards

answered 16 Jul '13, 02:31 Kurt Knochner, edited 16 Jul '13, 05:38

Hi Kurt, Thanks for your explanation, we will try your suggestion later. On the other hand, here are the results of snoop from client A and client B:

Client A:
CLIENT B :
As I know, client A is using Async, and client B is using Sync. Client A is using Async because I see that the structure of the transaction is not irregular. Client B is using Sync because I see that the structure of the transaction is regular. Correct me if I am wrong.

Thanks
Wilis

(16 Jul '13, 20:08) Wilis
I explained the difference between sync/async and serial/sequential/parallel above. The communication of both A and B is using several TCP connections. However, Client A opens one connection after the other (serial/sequential), while Client B uses several connections in parallel. The output of the tshark command (see my answer) would be: Client A:
Client B:
So, to me it looks like Client B uses parallel communication, while Client A uses serial/sequential communication. If you still like the terms sync/async, I would say, that the application on Client B seems to be working in async mode, as several requests are being sent, before the answer for other requests has arrived. Client A seems to be working in sync mode, as it sends a request, waits for an answer, sends a request, waits for an answer, etc.

(16 Jul '13, 23:31) Kurt Knochner
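The check described in the answer above (one stream number, constantly increasing numbers, or intermixed numbers) can be automated. This is an added example, not code or a command from the answer; it assumes the input is one `tcp.stream` value per packet, one per line, in capture order, for example as printed by `tshark -r <capture> -T fields -e tcp.stream`, and the sample inputs are constructed.

```python
def stream_spans(lines):
    """Map each tcp.stream index to (first, last) packet position, in capture order."""
    spans, pos = {}, 0
    for line in lines:
        field = line.strip()
        if not field:          # non-TCP packets print an empty tcp.stream field
            continue
        stream = int(field)
        first = spans.get(stream, (pos, pos))[0]
        spans[stream] = (first, pos)
        pos += 1
    return spans


def classify(lines):
    """Return (pattern, max_open): 'none', 'single', 'sequential' or 'parallel'."""
    spans = stream_spans(lines)
    if not spans:
        return ("none", 0)
    # Sweep over open/close events; a close at position p sorts before an open at p.
    events = []
    for first, last in spans.values():
        events.append((first, 1))
        events.append((last + 1, -1))
    open_now = max_open = 0
    for _, delta in sorted(events):
        open_now += delta
        max_open = max(max_open, open_now)
    if len(spans) == 1:
        return ("single", 1)
    return ("sequential" if max_open == 1 else "parallel", max_open)


# Constructed sample inputs (not the captures from this thread).
ONE_AFTER_THE_OTHER = ["0", "0", "0", "1", "1", "", "2", "2"]
INTERMIXED = ["0", "1", "0", "2", "1", "0", "2", "1"]

if __name__ == "__main__":
    for name, sample in [("one after the other", ONE_AFTER_THE_OTHER),
                         ("intermixed", INTERMIXED)]:
        print(name, classify(sample))
```

A result of "single" or "sequential" only describes how connections are used; it says nothing about requests overlapping inside one connection (HTTP/1.1 pipelining) or about which client thread sent them, the limits raised in the first answer.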
What do you mean by "synchronous" and "asynchronous" here?
Hi Harris,
Sync means the second transaction will be sent once the first transaction has finished. Async means a transaction will be sent regardless of whether the first transaction has finished.
Thanks Wilis