Hello all: I used packet capture tools for many years now on a cursory basis. Recently I've started digging further into the packets and find it an entire workd unto itself. That being said here is my scenario ...Transfer performance and throughput. Original setup. Internal VM connects to a physical server in the DMZ on an encrypted port and pulls a 2.5 GB file transfer. Links in this path are 1 GB throughout. File transfer typically takes about 5.25 hours and averages around 150 Mb/sec Edited..I had originally types 7 hours.. its closer to 5 New Scenario: Internal VM connects to a new VM in the DMZ on an encrypted port and pulls a 2.5 GB file transfer. Links in this path are 1 GB throughout. File transfer typically takes about 2.5 minutes and averages around 1-2 Mb/sec. And yet it completes ! What's the same. Same internal VM as the source Same time of file transfer (2am) Same path for both external destination servers (original and new VM) Same VLAN for both external destination servers (original and new VM) When I dive into the packets..(I run can see one factor being different off the bat.) In the old faster file transfer I see the destination server present for a windows scaling factor of 8 (256 times) versus in the New slower trace.. I have a shift count of 0. Is this enough of a factor to affect the time needed to complete and throughput? What other tings should i check for/eliminate? I don't have access to the VM or old server so there are only the packets on the wire I will include the following images
asked 04 Oct '16, 06:05  runatyr edited 04 Oct '16, 06:43 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Your values for elapsed time and throughput seem off. 7.25 hours and 150MBit/s doesn't match, and even if 150MBit/s would be correct, it's faster than what's possible on a 1Gbps link. Did you mean 150kbit/s?
Which of the two is the bad one? And can you provide pcaps instead of screenshots? Sanitize with TraceWrangler if there's sensitive information in them.
Sorry for the confusion if I did not preset all the data correctly clearly. My first posting.
All the links from source to destination are at 1 Gb/sec connectivity. The file transfer is roughly 2 GigaBYTEs in size. I'm unable to deduplicate the entire file size (4GB) easily in wireshark. We have duplicate packets due to the spanning configuration. Instead I took the first few tens of thousands of packets and remove the duplicates in wireshark.
In the wireshark captures above I have remove the duplicate frames where possible. Each image shows a "good" vs. "Bad" comparison in the name.
The file transfer takes 2.25 minutes in the good capture and averages 150 Mb/sec The same file takes approximately 5 hours (not 7) in the bad images on the new VM server and averages about 1-2 Mb/sec.
I'll include a snapshot form the timeline appliance we pulled the packets from . This includes the duplicate packets.