This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Round Trip Capture - E2E Capture

0

Hi, I want to capture data using Wireshark in a way that I can see all the servers/IPs my request is going through and getting the response back to my machine. Currently I only see two IPs: one is my IP and the second is maybe the web server of my application. Is there a way to capture all the servers involved in the request and response?

asked 06 Jul '17, 07:43

Sid147228


One Answer:

0

Not from your local PC. You can use traceroute (tracert on Windows) to find through which routers the request was travelling, but it doesn't tell you anything about the path from the server back to you. Also, if the remote IP belongs e.g. to a load balancer, everything behind it is completely hidden from you, i.e. even the traceroute won't show you anything. If you administer the whole network between the client and server and you are looking for a bottleneck, then of course your possibilities are wider, but you still have to capture at different points in the network in order to get relevant information. However, capturing at client and server is the first thing to tell you whether to concentrate on transport network performance or application/server performance. Have a look at @Jasper's article on it.

answered 06 Jul '17, 08:09

sindy

Thanks Sindy. I am not a network administrator and yes, our application has multiple LBs across layers. We have implemented a data-in-transit strategy in our design and want to see if data is flowing according to the implemented strategy, e.g. between Client and LB it will be HTTPS, from LB to App servers it will be HTTP/... similarly at different layers of the application.

(06 Jul '17, 08:17) Sid147228
1

Well, in that case you are still in a good position as the servers are yours so you can capture at them. If you sync them well using NTP, you can run tcpdump on all the servers and the client simultaneously and then merge the files to see how the request processing went at different stages. Or just do a lot of subtraction and division when handling the files one by one.

(06 Jul '17, 08:25) sindy
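
The capture-at-every-tier approach from the last comment, as an added example that is not part of the original thread: it reads classic pcap files as written by `tcpdump -w` on each host, merges them by timestamp, and labels each TCP segment as TLS or plaintext HTTP so the result can be compared with the intended encryption-in-transit layout. The tier names, addresses, the third tier with its policy, and the sample packets are constructed; the code assumes Ethernet/IPv4 captures and NTP-synced clocks.

```python
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"HTTP/")

def read_pcap(data):
    """Yield (timestamp_us, frame) from classic little-endian pcap bytes (tcpdump -w)."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a classic microsecond pcap file (pcapng?)")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        yield sec * 1_000_000 + usec, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def tcp_segment(frame):
    """Return (src, dst, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp, end = 14 + (frame[14] & 0x0F) * 4, 14 + struct.unpack_from("!H", frame, 16)[0]
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    dport = struct.unpack_from("!H", frame, tcp + 2)[0]
    return src, dst, dport, frame[tcp + (frame[tcp + 12] >> 4) * 4:end]  # end drops padding

def classify(payload):
    """Label a segment by its first bytes: TLS record header or HTTP start line."""
    tls = len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 3
    return "tls" if tls else "http" if payload.startswith(HTTP_STARTS) else "other"

def audit(captures, policy):
    """Merge per-tier captures by timestamp; return (timeline, policy violations)."""
    timeline = sorted(
        (ts, tier, *seg[:3], classify(seg[3]))
        for tier, data in captures.items() for ts, frame in read_pcap(data)
        if (seg := tcp_segment(frame)) and seg[3])  # skip bare ACKs and non-TCP
    return timeline, [e for e in timeline if e[5] in ("tls", "http") and e[5] != policy[e[1]]]

def make_pcap(usec, src, dst, dport, payload):
    """Build a one-packet pcap (constructed sample input, not a real capture)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    frame = b"\0" * 12 + b"\x08\x00" + ip + tcp + payload
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 1499327000, usec, len(frame), len(frame)) + frame)

SAMPLE = {  # constructed captures; tier names, addresses and the third tier are hypothetical
    "client_to_lb": make_pcap(100, (192, 0, 2, 10), (198, 51, 100, 5), 443, b"\x16\x03\x01\x00\x02hi"),
    "lb_to_app": make_pcap(900, (10, 0, 0, 5), (10, 0, 1, 7), 8080, b"GET /orders HTTP/1.1\r\n\r\n"),
    "app_to_backend": make_pcap(1500, (10, 0, 1, 7), (10, 0, 2, 9), 8081, b"POST /q HTTP/1.1\r\n\r\n"),
}
POLICY = {"client_to_lb": "tls", "lb_to_app": "http", "app_to_backend": "tls"}
```

`audit(SAMPLE, POLICY)` returns the merged timeline plus the segments whose observed protocol differs from the expected one for their tier; segments labelled `other` (for example TLS record continuations) stay in the timeline for manual review rather than being flagged.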