This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What to capture for a slow site?

I apologise in advance, but I'm just learning about Wireshark. I'm an engineer who works for a company that does the IT for medical centres. I was asked to investigate a strange issue that has been affecting the site for the last 7 months. Every four weeks on a Wednesday, without fail, the entire site grinds to a crawl. There have been investigations by the tech team and BT, but they cannot seem to find where the problem is coming from. They asked me to run a Wireshark capture. I did this on a day that the site was running fine, and on a day it was crawling. Someone else will get to look at this, but it interests me as well. Would there be anything specific you'd be looking for if you were in this situation? Kind regards. Darren

asked 15 Dec '15, 13:40

1470


One Answer:

I would start by looking at the following things:

  • unusually high volume of traffic (go to Statistics -> Conversations, sort by number of packets and by number of bytes by clicking the column header), aka "someone is downloading films" or "something is doing a monthly backup"

  • unusually high number of TCP retransmissions, aka "something is wrong on the uplink connection" (display filter tcp.analysis.retransmission).

The two may be related, as if there is a traffic shaping policy on the uplink (which is quite likely), attempts to transfer high volumes of data will cause packets to be dropped and thus retransmitted.

answered 15 Dec '15, 13:52

sindy

Thank you Sindy. Very kind of you to answer so soon.

(15 Dec '15, 14:07) 1470
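
The two checks from the answer, applied to a good-day and a bad-day capture side by side, as an added example that is not part of the original thread. It assumes each capture was exported with the tshark command in the comment; the function names, the thresholds and both sample exports are constructed for illustration.

```python
import csv
from collections import Counter

# Assumed input: one row per TCP packet, exported from each capture with
#   tshark -r FILE -Y tcp -T fields -E separator=, -E occurrence=f \
#          -e ip.src -e ip.dst -e frame.len -e tcp.analysis.retransmission
# Last column is non-empty only for flagged retransmissions. Samples are constructed.
GOOD_DAY = """\
10.0.0.21,10.0.0.5,420,
10.0.0.5,10.0.0.21,1514,
10.0.0.22,203.0.113.10,310,
203.0.113.10,10.0.0.22,1514,
"""
BAD_DAY = """\
10.0.0.30,198.51.100.7,1514,
10.0.0.30,198.51.100.7,1514,1
10.0.0.30,198.51.100.7,1514,
10.0.0.30,198.51.100.7,1514,1
10.0.0.21,10.0.0.5,420,1
10.0.0.5,10.0.0.21,1514,
10.0.0.30,198.51.100.7,1514,
198.51.100.7,10.0.0.30,66,
"""

def summarize(export):
    """Return (bytes per conversation, retransmission percentage) for one export."""
    conv_bytes, packets, retrans = Counter(), 0, 0
    for row in csv.reader(export.splitlines()):
        if len(row) < 4 or not row[0]:       # skip blank rows and non-IPv4 packets
            continue
        src, dst, length, flag = row[:4]
        conv_bytes[tuple(sorted((src, dst)))] += int(length)  # both directions together
        packets += 1
        retrans += 1 if flag else 0
    pct = 100.0 * retrans / packets if packets else 0.0
    return conv_bytes, pct

def compare(good, bad, share_threshold=0.5):
    """Flag bad-day conversations that dominate traffic and were absent or small on the good day."""
    good_conv, good_pct = summarize(good)
    bad_conv, bad_pct = summarize(bad)
    total = sum(bad_conv.values()) or 1
    suspects = [(pair, size) for pair, size in bad_conv.most_common()
                if size / total >= share_threshold
                and size > 2 * good_conv.get(pair, 0)]
    return {"good_retrans_pct": good_pct, "bad_retrans_pct": bad_pct, "suspects": suspects}

if __name__ == "__main__":
    print(compare(GOOD_DAY, BAD_DAY))
```

A conversation that carries most of the bad-day bytes together with a jump in the retransmission percentage matches the shaping scenario the answer describes.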