I'm working on a trace-file which has reported ISP throttling occurrences in it. My task is to use IO graph to understand at what point in time the throttling process effected client upload throughput. To achieve this I have applied 3 filters with results shown in UI attached. My Problem. Each blue line, when I see the graph it raising from its level both up and down using the Y axis which is set to byets/tick. Now, interesting this which should be very easy to find, like when I click on the line which lays low in graph and compare to green line which is higher in scale at the wireshark packets pane/window I'm confused as to what bytes (size) attribute to change in these lines positions on graph (IO)? To re-create open wireshark-> generate traffic (e.g http)- > goto statistics-> I/O graph Now, click on any point in graph it takes you to packet (single) view, now on the packet informtion do you see anything e.g len,window size etc that tells why this packet was lower /higher on scale in graph w.r.t bytes /tick. Make sure Y-axis is set as bytes/tick. Where I have to look in packet details to find this information. Thanks.
asked 17 Jun '15, 01:37  asad edited 18 Jun '15, 03:47 showing 5 of 8 show 3 more comments |
One Answer:
Packets 3134 & 3137 are at different positions in the graph as they fall into different tick intervals. According to the bottom screenshot, you have a tick interval of 0.01 sec. Looking at the packet list, packets 3134, 3135 & 3136 all fall into the interval 14.12 - 14.12999999, packet 3137 ... fall into the tick interval 14.13 - 14.13999999. answered 18 Jun '15, 05:29  grahamb ♦ edited 18 Jun '15, 05:55 Thanks horizontal positions I already know as to why I'm talking specifically as i mention in question as well its the Y-AXIS position how is that effected? (18 Jun '15, 06:02) asad 1 That's the function of the graph, bytes per interval. The Y-Axis value is the number of bytes in packets in that interval. For the interval 14.12 - 14.12999999 there are three packets (3134-6) with a total length of 3066 bytes. For the interval 14.13 - 14.13999999 there are at least 5 packets (3137-41) with a total length of 7530 bytes. There may be more packets and bytes in the second interval but that can't be determined from your screenshot. Yet another reason why analysis by screenshot is annoying. Much easier with the actual capture file. (18 Jun '15, 06:08) grahamb ♦ Thanks you solved the riddle. So each dot is the summation of all previous dots in that specific time interval e.g 0.1 or 0.01. (18 Jun '15, 06:42) asad Not exactly, each dot is the summation of all bytes in that specific time interval (that match the applied filter if any). (18 Jun '15, 07:23) grahamb ♦ |
any luck? anyone
hm... I don't fully understand what you are asking for. Could you please add more details?
@kurt please see the review and let me if it helps.
It is a summarization per tick intervall. So if a packet is higher or lower than it is later or ealier in that specific intervall.
@Christian_R thanks for commenting, but on Y-axis it says bytes/tick so i'm looking the graph uses byte (size) criteria for plotting?
I'm sorry, but I still don't get it.
What do you mean by that (bold text part)? A packet is "nowhere" in the graph, neither higher nor lower. The graph just shows a mean value of frames in the selected time/tick interval and if you click somewhere, you will end up "somewhere" in the "window of frames" that created the data where you approximately clicked in the graph.
Maybe we try it the other way round: What kind of information are you trying to find?
@kurt I have added more details now, let me know why packet 3134 and 3137 are at different positions on graph?
@lchappell I hope you can help me out there:).