This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to analyse througput, packet loss, RTT rather than go through the graph of built-in feature of wireshark?

2

Hi, I am doing research project to find out the TCP performance using New Reno, Compound TCP, Westwood and Cubic variant of TCP. I have included Wireshark as a network analysis tool; however it is beneficial in certain situations to check the network performance, but every matrices is not clearly defined. Kindly, can anyone here help me to find out all these matrices mentioned in title? I am very tense because having limited time to submit my project.

seeks positive reply!

Thanks

asked 12 Aug '11, 02:48

sur's gravatar image

sur
31225
accept rate: 0%

edited 26 Feb '12, 21:40

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142


2 Answers:

4

So if I understand your problem correctly you want to know how to determine Throughput, Packet loss and RTT with Wireshark?

First of all, you should isolate the TCP session you want to analyze. You can do that by using the Conversations Statistic (in the Statistics menu) and filter the conversation from the TCP tab. The use the popup menu to filter the conversation. The conversation statistic can also tell you the throughput per TCP session right away (bps A->B and bps B->A).

For the packet loss you can then append the conversation filter with "and tcp.analysis.lost_segment", then look at the status bar to see how many packets match the filter ("Displayed:" value).

The RTT can be determined by finding out how long it took for the Three Way Handshake, meaning that you set a Time reference to the SYN and then read the relative time of the third packet (ACK). That will give you the initial RTT; if you want the various RTT values for the length of the communication you should use the Statistics -> TCP Stream Graph -> Round Trip Time Graph.

On a side note: I think RTT and packet loss values are not that important when comparing stack types, because the stack has little to no influence over what happens in transit (delays and packet drops in the network infrastructure). Keep an eye on the mechanisms dealing with recovery from packet loss (including "how fast was the problem solved, and how bad was the impact on time/throughput"); these are much more interesting.

answered 12 Aug '11, 05:52

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Thanks Jasper,

Jasper could U share any captured file to illustrate more in detail all the relevant matrices as I discussed in my request. Please explain briefly, that how to analyse throughput of whole captured file. As I know by applying particular filter we can capture particular connection n by viewing statics summary we can analyse the throughput which defines most f things but don't know how to calculate exactly. Similarly, for packet loss by applying tcp.analysis.lost_segment, how to calculate total packet loss in whole in large captured file where packet losses are more than one. Actually I am working on simple topology, consist of only one router and three servers, HTTP Server, SMTP Server, n Streaming Server. Delay n packet loss is employed such as 20ms, 1.5%, 30ms 2.5%,40 3.5%, 50ms 4.5% respectively. Each employed parameters(delay and packet loss) are tested five times on each said variant of TCP(said in request). Everything is done at the moment but strucked at how to analyse things accurately although I captured all relevant packets by applying particular capture filter i.e. http filter for http, rtcp(real time tcp) for streaming and smtp for smtp. Kindly explain in clear and in easier way because I am having very short time to complete report.

Once Again Thanks for your concern.

waiting for response!

sur

(12 Aug '11, 15:39) sur

First of all, I converted your answer to a comment to keep this a Q&A flow.

Second, you should be aware that this is a forum to help with questions and problems, not the Report-O-Matic that does your homework for you ;-)

Third, I do not have trace files for you; if you need any you can get them at the Wireshark repository at http://wiki.wireshark.org/SampleCaptures.

Finally, I think I gave quite accurate steps to get the metrics for single connections. I doubt it makes much sense to look for metrics over a whole trace file since the flows will be too different in nature. But a few hints:

(12 Aug '11, 16:45) Jasper ♦♦

To get the throughput you calculate the amount of bytes transfered divide by time it took, aka "Cummulative bytes / relative time" (you can add those as columns to the Wireshark packet list).

Total packet loss is easy: filter on tcp.analysis.lost-segment and divide "displayed packets" by "packets" * 100% (read "displayed" and "packets" from the status bar). That way you get a percentage of lost packets for the whole trace.

I still think it makes sense to do this per TCP flow, not on a complete trace file. You can draw averages later if you need to get single results per trace.

(12 Aug '11, 16:53) Jasper ♦♦

0

Thanks for your comments!

I want to evaluate full captured file rather to analyse single TCP connection which wireshark clearly does though enough material is available for single connection evaluation. How to calculate matrices (Throughput, packet loss, RTT) for full captured file. And one thing more it would not be question if it would not be a problem -:)

Anyway thanks for your concern

answered 15 Aug '11, 15:25

sur's gravatar image

sur
31225
accept rate: 0%