PHWinfo - Afficher un message - Interpreting WireShark TCP time/seq graphs

01/04/2007, 19h42

chris <googlegroups@marget.com> wrote:

> James Taylor wrote:
>
> > I've taken one typical HTTP stream and used WireShark's time/sequence
> > graphing function in order to understand why so many packets arrive out
> > of order. However, I'm not at all familiar with this kind of TCP
> > performance analysis and I would love someone to me interpret the
> > graph. I've (very temporarily) uploaded two views of the graph here:
> >
> > <http://www.hackershack.co.uk/usenet/tcpgraphs/>

I'd still like to know if my speculations in my initial post are likely
to be anywhere near the mark. Can anyone me understand?

> I find wireshark's time/sequence graphs really difficult to interpret.
>
> The combination of tcptrace and xplot is far easier for me to read.
> The documentation explaining time/sequence graphs is here:
>
> http://tcptrace.org/manual/node12_mn.html

That's much nicer visualisation, I agree, and now I've read that page I
can now understand how to interpret a very similar tcptrace-style graph
drawn by WireShark. Thanks.

> A quick glance at your usenet posting history suggests you're a mac user.

Yes, amongst others.

> You'll need to install and run X11 from your install disks
> before you can run xplot.

Yes, WireShark for Mac also requires X11, so this is already installed.

> Then it's just a matter of:
>
> 1) capture your problem incident with wireshark (as you've done), save
> it to a file
> 2) in the terminal: 'tcptrace -S <filename>
> 3) observe the tcptrace output, and the files it has created
> 4) xplot ?2?_tsg.xpl

You make it sound very easy. I've installed tcptrace and xplot, now I
just need to familiarise myself with their usage. Thanks for the tip.

> alternatively, you could just upload the capture so we can all have a
> look at it.

Yes, I'd like to do that, but the captures contain data that is private
to my users. Do you know of an easy way to sanitise the capture files?

Thanks again.

--
James Taylor

01/04/2007, 19h42	#3
James Taylor Messages: n/a Hébergeur:	Re: Interpreting WireShark TCP time/seq graphs chris <googlegroups@marget.com> wrote: > James Taylor wrote: > > > I've taken one typical HTTP stream and used WireShark's time/sequence > > graphing function in order to understand why so many packets arrive out > > of order. However, I'm not at all familiar with this kind of TCP > > performance analysis and I would love someone to me interpret the > > graph. I've (very temporarily) uploaded two views of the graph here: > > > > <http://www.hackershack.co.uk/usenet/tcpgraphs/> I'd still like to know if my speculations in my initial post are likely to be anywhere near the mark. Can anyone me understand? > I find wireshark's time/sequence graphs really difficult to interpret. > > The combination of tcptrace and xplot is far easier for me to read. > The documentation explaining time/sequence graphs is here: > > http://tcptrace.org/manual/node12_mn.html That's much nicer visualisation, I agree, and now I've read that page I can now understand how to interpret a very similar tcptrace-style graph drawn by WireShark. Thanks. > A quick glance at your usenet posting history suggests you're a mac user. Yes, amongst others. > You'll need to install and run X11 from your install disks > before you can run xplot. Yes, WireShark for Mac also requires X11, so this is already installed. > Then it's just a matter of: > > 1) capture your problem incident with wireshark (as you've done), save > it to a file > 2) in the terminal: 'tcptrace -S <filename> > 3) observe the tcptrace output, and the files it has created > 4) xplot ?2?_tsg.xpl You make it sound very easy. I've installed tcptrace and xplot, now I just need to familiarise myself with their usage. Thanks for the tip. > alternatively, you could just upload the capture so we can all have a > look at it. Yes, I'd like to do that, but the captures contain data that is private to my users. Do you know of an easy way to sanitise the capture files? Thanks again. -- James Taylor