This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

3-tier Client/Server application perf. troublshooting

0
1

Hi,

I have a C/S app starts from a shared folder on the file server then connects to the AD to authenticate, and finally connects to the DB server to pull up the data. During certain moments clients complain of slow access to the data at the different stages of the app! I want to use Wireshark to capture traffic at different segments of the access network and then correlate them in one file to be analyzed by Wireshark Analysis tool. Is this possible? does Wireshark has the capacity to do such a job?

Thank you indeed.

Ahmed Althagafi IT Consultant Washington DC.

asked 22 Sep '10, 11:11

althagafi's gravatar image

althagafi
1123
accept rate: 0%

edited 26 Sep '10, 01:57

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245


One Answer:

3

Wireshark itself can not correlate the packets taken at different places, but you can use "editcap -t" to adjust the timestamps in a tracefile. If you know the delta between the same packet in two tracefiles, you can adjust one file and then use 'mergecap' to merge the files into one. You can repeat the process for other tiers until you have one big file. You can then use 'wireshark' to analyze that file, but you still have to correlate packets from each tier yourself.

You can use an icmp-echo/icmp-echo-reply pair to calculate the delta time between files. Or another good one to use is a SYN and SYN/ACK. I use both a request and a responce and calculate the mean to rule out the round-trip time between the systems.

answered 22 Sep '10, 11:31

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Is there any simpler method to do this ? or any tool through which we can accomplish this ?

(16 Oct '12, 01:13) Akhtar

Are you sure your app talks directly to the DB? There is no middleware in involved? Although Riverbed's Pilot and Opnet can do multi-tier analysis, I'm not convinced you need it. It's TCP after all and you're not trying to nail down where the packet loss is occurring. If there is no middleware involved, this is normal protocol analysis. As the DBA if he/she sees any table scans or locked tables. That may explain the periodic slowness. Again, I'm assuming you ruled out pkt loss as a culprit.

(18 Oct '12, 18:28) hansangb