The next spot that is worth checking out is the ‘Conversations’ which is also found under ‘Statistics’ this quaint little window gives you a brief overview of any Source/Destination devices identified within the capture. Same goes for the Avg Mbit/sec, if you have large packets flowing you can expect to see a higher throughput rate, and the opposite for lower packet size rate. If you see exceptionally small packet sizes data transfers may take a lengthy amount of time due to the increase TCP overload and normal 元 forwarding. If you are troubleshooting data transfers normally you would expect the Avg. Packet Size – Depending on what you are trying to troubleshoot the average packet size can be a quick indicator in regards to whether or not your fully using the MTU an your network. The Elapsed time is important to make note of as this give you the ability to establish a baseline, knowing how long a process takes can you help you identify an issue or identify expected behavior in the future. First Packet, Last Packet, & Elapsed time -Matching up the time of a packet capture with when the particular issue occurred is crucial, after all you don’t want to find yourself analyzing the wrong capture.Although you will also see a ‘Truncated’ message within the packet indicating the packet was sliced. Packet Size Limit -Knowing whether or not the packets within the capture were sliced after the first so many bytes is important to know, as sometimes you might not see the entire TCP header or wireshark will start classifying the packets as malformed.Now for me the easiest way to do this is by using the reviewing the ‘Summary’ page under the ‘Statistics’ menu. Whether or not the application is behaving properly and performance is as it should be or if there is indeed something amiss somewhere. For all the other situations I need to rely on the PCAPs and interpret what and how the applications are communicating.
I usually don’t know much more than that, only in rare occasions do I get a heads up and insight into the behaviors of the application I am trying to troubleshoot. IE: Connection timeouts, slow response, long transfer times, etc. I don’t know about you but when I find myself performing packet captures and analyzing PCAPs I usually only know the symptoms of the issue I am attempting to troubleshoot.
0 kommentar(er)
