I have a C/S app that starts from a shared folder on the file server, then connects to the AD to authenticate, and finally connects to the DB server to pull up the data. During certain moments clients complain of slow access to the data at the different stages of the app! I want to use Wireshark to capture traffic at different segments of the access network and then correlate them in one file to be analyzed by the Wireshark analysis tool. Is this possible? Does Wireshark have the capacity to do such a job?
Thank you indeed.
Ahmed Althagafi IT Consultant Washington DC.
asked 22 Sep '10, 11:11
edited 26 Sep '10, 01:57
Wireshark itself cannot correlate the packets taken at different places, but you can use "editcap -t" to adjust the timestamps in a tracefile. If you know the delta between the same packet in two tracefiles, you can adjust one file and then use 'mergecap' to merge the files into one. You can repeat the process for other tiers until you have one big file. You can then use 'wireshark' to analyze that file, but you still have to correlate packets from each tier yourself.
You can use an icmp-echo/icmp-echo-reply pair to calculate the delta time between files. Or another good one to use is a SYN and SYN/ACK. I use both a request and a response and calculate the mean to rule out the round-trip time between the systems.
answered 22 Sep '10, 11:31
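The procedure described in the answer above, as an added example that is not part of the original post: it averages the request and response deltas to get the clock offset between two captures, then prints the matching `editcap -t` and `mergecap` commands. The file names and timestamps are constructed placeholders, and the averaging assumes the network delay is the same in both directions.

```shell
#!/bin/sh
# Timestamps are epoch seconds for the SAME request/response pair (ICMP echo
# and reply, or SYN and SYN/ACK) as seen in capture A and in capture B.
# In Wireshark/tshark they are available as the frame.time_epoch field.

# clock_offset REQ_A RESP_A REQ_B RESP_B
# Prints how far capture B's clock is ahead of capture A's, in seconds.
# The request delta contains +delay and the response delta contains -delay,
# so their mean cancels the one-way delay and leaves only the clock offset.
clock_offset() {
    awk -v qa="$1" -v ra="$2" -v qb="$3" -v rb="$4" 'BEGIN {
        printf "%.6f\n", ((qb - qa) + (rb - ra)) / 2
    }'
}

# merge_plan OFFSET A_FILE B_FILE OUT_FILE
# Prints the commands to run. editcap -t ADDS its argument to every
# timestamp, so B is shifted by the negated offset to land on A's clock.
merge_plan() {
    adj=$(awk -v o="$1" 'BEGIN { printf "%.6f", -o }')
    adjusted="${3%.pcap}-adjusted.pcap"
    printf 'editcap -t %s %s %s\n' "$adj" "$3" "$adjusted"
    printf 'mergecap -w %s %s %s\n' "$4" "$2" "$adjusted"
}

# Constructed sample values: capture B (server side) runs 2.5 s ahead of
# capture A (client side), with a one-way delay of about 15.6 ms.
REQ_A=1285153860.250000    # request as seen in client.pcap
RESP_A=1285153860.312500   # response as seen in client.pcap
REQ_B=1285153862.765625    # same request as seen in server.pcap
RESP_B=1285153862.796875   # same response as seen in server.pcap

offset=$(clock_offset "$REQ_A" "$RESP_A" "$REQ_B" "$RESP_B")
echo "capture B is ahead of capture A by ${offset} s"
merge_plan "$offset" client.pcap server.pcap merged.pcap
```

For more than two tiers, pick one capture as the reference clock and repeat the offset calculation against it for each remaining file before the final merge.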