Can anyone provide some tips on determining response time to certain protocols? For instance, I can think of several protocols where I want to detect a network request then find how long it takes to get a response. The main one is ModbusTCP, where there is a request then a response some time later. Another could be DNS response times, or ARP response times. I know there is an option for service response times, but as luck would have it the ones I want are not there.
My solution is to export the packet data, bring it into Excel, and manipulate it there. Very time consuming. Any tips, tricks, or ideas would be helpful!
Let me clarify my question a little more with an example. I may have a trace with one TCP connection, but the request and response are continuous. Each individual request and response has a response time, so I may have 100K packets, so 50K response times. I want to end with a histogram of response time, based on arbitrary criteria - say this port, or this type of request, or this packet size. Currently what I do is:
But then I export into Excel, and have to do some tests - I need two transactionIDs in a row that are the same; if so, then I can do a time delta between them and then for that function code and transactionID, I then have a response time. I do this for all the data, ignoring the cases where I have no response, or multiple requests for a response, and I can then plot and get a histogram.
Is there a way to get this in the IOgraph as part of Wireshark? I can live without the histogram, but a realtime response graph on the IOgraph would be fantastic. I can then just watch to see how the devices perform over time, and instantly see where we may have an issue to address.
If I need to do some scripting, I can give it a try. Can anyone point me to a suggested scripting language? I took a cursory look at Lua, so I assume that is what I should start with as it is integrated with Wireshark? I suppose if I want to get really fancy - Lua script -> GNUPlot then I can get my data and a graph at the same time?
asked 21 Sep '10, 03:52
edited 21 Sep '10, 06:29
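The pairing described in the question (match request and response on transaction ID, drop unanswered or repeated requests, then bin the deltas), as an added Python example that is not part of the original thread. It assumes the trace was exported as comma-separated fields named frame.time_epoch, tcp.stream, tcp.dstport, mbtcp.trans_id and modbus.func_code, and that the server listens on port 502; the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

MODBUS_PORT = 502  # assumed server port (the Modbus/TCP default)

# Constructed sample rows, in the assumed export order:
# frame.time_epoch,tcp.stream,tcp.dstport,mbtcp.trans_id,modbus.func_code
SAMPLE = """\
1.000,0,502,1,3
1.004,0,49152,1,3
1.100,0,502,2,3
1.112,0,49152,2,3
1.200,0,502,3,16
1.300,0,502,3,16
1.310,0,49152,3,16
1.400,0,502,4,3
1.500,0,49152,9,3
1.600,0,502,5,16
1.627,0,49152,5,16
"""

def load(text):
    return list(csv.reader(io.StringIO(text)))

def response_times(rows):
    """Pair requests and responses on (tcp.stream, transaction id); return
    [(function_code, seconds)], dropping repeated requests and orphan responses."""
    pending = {}  # key -> request time, or None once the request was repeated
    results = []
    for ts, stream, dport, tid, func in rows:
        key = (stream, tid)
        if int(dport) == MODBUS_PORT:      # client -> server: request
            pending[key] = None if key in pending else float(ts)
        elif key in pending:                # server -> client: response
            sent = pending.pop(key)
            if sent is not None:
                results.append((int(func), float(ts) - sent))
    return results

def histogram(samples, bucket_ms=10):
    """Count response times per function code in bucket_ms-wide bins."""
    hist = defaultdict(Counter)
    for func, seconds in samples:
        hist[func][int(seconds * 1000 // bucket_ms) * bucket_ms] += 1
    return hist

if __name__ == "__main__":
    for func, bins in sorted(histogram(response_times(load(SAMPLE))).items()):
        print(f"fc={func}", dict(sorted(bins.items())))
```

Requests still unanswered at the end of the trace simply stay in `pending` and never contribute a sample, which matches the "ignore the cases where I have no response" rule in the question.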
Be sure you have a column set up for interpacket deltas (Edit->Prefs->Columns - add a column for "Delta Time Displayed"). This will show you the time delta between packets. Now you have to filter out the conversations that you want to view response times for. There are, of course, a few caveats. For TCP conversations you'll need to watch for the original SYN packet (am I the only one that loves saying "Original SYN"??) then look at the delta between that packet and the returning SYN-ACK. This delta, for the most part, will represent network flight time - how long it took to get from tier A to tier B. NORMALLY the SYN/SYN-ACK process involves little to no system processing time and, so, is a fairly reliable gauge of end-to-end latency. Things get more difficult if you want to monitor an entire conversation and understand the variable response times from either tier A or tier B. The TCP Flow Graph (Stats->Flow Graph) will break down the response times over time but they can be misleading depending on the volatility of the network.
Those are my $.02, others may have better input.
answered 21 Sep '10, 06:10
Wow...and I thought it was a simple response time question ;-)
This is a pretty good writeup, taken from a Sharkfest presentation, see if it puts you on the right path.
answered 21 Sep '10, 06:52