This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi Guys

We've been having complaints that PC's from a sites are experiencing slowness in accessing a HTTP server at the central site, the central site users do not experience the problem. I set up wireshark to detect HTTP requests over 1sec in duration and it picked up quite a number of packets with such a parameter with quite a few experieincing delays of over 10 Seconds, Armed with this info and considering that the local PC's are fine I need to know what will be the next step to resolve this issue(would I need to use wireshark in another capacity to help me further ??), WAN links seem fine they are not getting saturated etc.

I look forward in hearing from you all

Thanks

asked 08 Nov '16, 09:15

s1mwat's gravatar image

s1mwat
6112
accept rate: 0%

edited 08 Nov '16, 11:43

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850

Could you provide us a trace at public accessible place; like cloudshark or google drive. If you concerned about security, you can use tracewrangeler: http://www.tracewrangler.com for some anonymization tasks.

(08 Nov '16, 11:43) Christian_R

It sounds like your initial capture was taken from the central site. I would recommend you now move to the complaining customers location to see it from their perspective. If travel is an issue, hopefully you have someone on the remote end that can do a capture for you.

I have found it beneficial in these scenarios to have captures running at both sites (hint: time sync capture devices), then have the complaining user run through the tasks that generate the issue. You can then take the two pcaps from local/remote and do some comparative analysis to see where the issues are occurring. At the very least you can start to rule at the endpoints and make decisions on where in the network chain you should focus next.

Troubleshoot TCP first, since that is generally a good area to start and it seems like the HTTP services are fine for local clients, so that potentially rules out HTTP server issues.

~Happy hunting

permanent link

answered 08 Nov '16, 10:10

BruteForce's gravatar image

BruteForce
1203
accept rate: 9%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×293

question asked: 08 Nov '16, 09:15

question was seen: 1,170 times

last updated: 08 Nov '16, 11:43

p​o​w​e​r​e​d by O​S​Q​A