This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark and server processing time

0

I'd like to capture the time it takes for the server to process the request. Below is my setup:

server <-->switch1<-->WAN<-->switch2<-->client

Now the client is accessing the application reside on the server. My plan is to setup Wireshark on switch2 and switch1.

My questions are as follow: - Will the time, that I capture on switch1 when the server sends the response back, be the processing time of the server. - is it possible to merge the two captured file into one?

Thanks

asked 18 Nov '13, 19:39

character9's gravatar image

character9
16101012
accept rate: 0%


One Answer:

0

If you need just the 'server processing' time (please define that!), there is no need to capture on switch2 (client side).

Will the time, that I capture on switch1 when the server sends the response back, be the processing time of the server.

Actually, it will be

  1. the time needed to transmit the client request from switch1 -> server (if there is another wan or a slow ethernet link this could make up some ms!)
  2. the time needed to process the client request packet in the TCP/IP stack of the server
  3. the time needed for the server software to process the request (whatever that means in your context)
  4. the time needed to process the server response packet in the TCP/IP stack of the server
  5. the time needed to transmit the server response from server -> switch1

As you can see, only 3 is the 'server (software) processing' time. But that really depends on the definition of 'server processing' time.

Furthermore: if you can neglect 1-2 and 4-5, then the time delta between client request and server response at switch1 will the the 'server processing' time.

is it possible to merge the two captured file into one?

Yes, see the tool mergecap. HOWEVER as I said, it's not necessary to capture at switch1 and at switch2 in your scenario. You can do it, but if you then merge the capture file, you will get duplicate frames, as the frames that appear at switch2 will also be seen at switch1 and vice versa.

Regards
Kurt

answered 19 Nov '13, 15:46

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 19 Nov '13, 15:47

For the same response packet from the server, would the packet time frame be different between capture on switch1 and switch2 or the client?

(19 Nov '13, 17:11) SteveZhou
1

Of course. It will be + t(wan) == time needed to transmit the packet over the wan link.

(20 Nov '13, 06:57) Kurt Knochner ♦

The time Wireshark sees the packet going through from sw1 and from sw2 is different, doesn't it? Let say I capture the packet at sw1 and the time is 1 ms (for example) and that packet can be seen again at sw2 at 2ms. So I know that it takes 1 ms for the packet going from sw1 to sw2. Does it sound right? Now if I merge those two captured files, I will see the same packet with different time. Correct?

(21 Nov '13, 15:16) character9

The time Wireshark sees the packet going through from sw1 and from sw2 is different, doesn't it?

sure it's delta t(wan).

So I know that it takes 1 ms for the packet going from sw1 to sw2. Does it sound right?

yes.

I will see the same packet with different time. Correct?

yes. But I thought you were interested in the 'server processing time' and not the t(wan) !?!

BTW: If you want to merge capture files of two different capturing devices to do any sort of differential time analysis, the time on the capturing devices must be synchronized to the millisecond, better to the nanosecond, otherwise the delta of the time stamps will be wrong.

(22 Nov '13, 01:23) Kurt Knochner ♦