This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.
0
1

Hi,

I have a C/S app starts from a shared folder on the file server then connects to the AD to authenticate, and finally connects to the DB server to pull up the data. During certain moments clients complain of slow access to the data at the different stages of the app! I want to use Wireshark to capture traffic at different segments of the access network and then correlate them in one file to be analyzed by Wireshark Analysis tool. Is this possible? does Wireshark has the capacity to do such a job?

Thank you indeed.

Ahmed Althagafi IT Consultant Washington DC.

asked 22 Sep '10, 11:11

althagafi's gravatar image

althagafi
1123
accept rate: 0%

edited 26 Sep '10, 01:57

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245


Wireshark itself can not correlate the packets taken at different places, but you can use "editcap -t" to adjust the timestamps in a tracefile. If you know the delta between the same packet in two tracefiles, you can adjust one file and then use 'mergecap' to merge the files into one. You can repeat the process for other tiers until you have one big file. You can then use 'wireshark' to analyze that file, but you still have to correlate packets from each tier yourself.

You can use an icmp-echo/icmp-echo-reply pair to calculate the delta time between files. Or another good one to use is a SYN and SYN/ACK. I use both a request and a responce and calculate the mean to rule out the round-trip time between the systems.

permanent link

answered 22 Sep '10, 11:31

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Is there any simpler method to do this ? or any tool through which we can accomplish this ?

(16 Oct '12, 01:13) Akhtar

Are you sure your app talks directly to the DB? There is no middleware in involved? Although Riverbed's Pilot and Opnet can do multi-tier analysis, I'm not convinced you need it. It's TCP after all and you're not trying to nail down where the packet loss is occurring. If there is no middleware involved, this is normal protocol analysis. As the DBA if he/she sees any table scans or locked tables. That may explain the periodic slowness. Again, I'm assuming you ruled out pkt loss as a culprit.

(18 Oct '12, 18:28) hansangb
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×205
×53
×3
×1

question asked: 22 Sep '10, 11:11

question was seen: 4,310 times

last updated: 18 Oct '12, 18:28

p​o​w​e​r​e​d by O​S​Q​A