Hi Guys We've been having complaints that PC's from a sites are experiencing slowness in accessing a HTTP server at the central site, the central site users do not experience the problem. I set up wireshark to detect HTTP requests over 1sec in duration and it picked up quite a number of packets with such a parameter with quite a few experieincing delays of over 10 Seconds, Armed with this info and considering that the local PC's are fine I need to know what will be the next step to resolve this issue(would I need to use wireshark in another capacity to help me further ??), WAN links seem fine they are not getting saturated etc. I look forward in hearing from you all Thanks asked 08 Nov '16, 09:15 s1mwat edited 08 Nov '16, 11:43 Bill Meier ♦♦ |
One Answer:
It sounds like your initial capture was taken from the central site. I would recommend you now move to the complaining customers location to see it from their perspective. If travel is an issue, hopefully you have someone on the remote end that can do a capture for you. I have found it beneficial in these scenarios to have captures running at both sites (hint: time sync capture devices), then have the complaining user run through the tasks that generate the issue. You can then take the two pcaps from local/remote and do some comparative analysis to see where the issues are occurring. At the very least you can start to rule at the endpoints and make decisions on where in the network chain you should focus next. Troubleshoot TCP first, since that is generally a good area to start and it seems like the HTTP services are fine for local clients, so that potentially rules out HTTP server issues. ~Happy hunting answered 08 Nov '16, 10:10 BruteForce |
Could you provide us a trace at public accessible place; like cloudshark or google drive. If you concerned about security, you can use tracewrangeler: http://www.tracewrangler.com for some anonymization tasks.