Wireshark-users: Re: [Wireshark-users] Possible network latency
You won't find a "average
re-transmission" statement because there really isn't one. On a well provisioned
local area network you could expect it to be zero. On a heavily congested
wireless or WAN network it might be 20% before it becomes
unworkable.
If netstat -s shows retransmission by the client than either the
workstation or the LAN should show retransmissions. (The client will retransmit
either if it receives if receives duplicate ACKs for segments it has said or if
the retransmission timeout (RTO) the TCP stack calculates has exceeded before it
receives an ACK.
On Wireshark if you seclect Analyze:Expert Info Composite and Notes tab
you will see a TCP retransmission count if you are getting any. You can also
just apply the Display Filter "tcp.analysis.retransmission" to see all relevant
packets.
If you are getting a lot of retransmissions where client and server
are on a local switched LAN you may want to look at the physical error
counts on your switches - and look for physical layer
issues.
Regards, Martin
Martin Visser
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Albert Jurado Sent: Thursday, 3 July 2008 12:40 AM To: wireshark-users@xxxxxxxxxxxxx Subject: [Wireshark-users] Possible network latency I’m in the mist of troubleshooting possible high network
re-transmissions. I’m basically attempting to capture enough data to prove
that the network is not the bottle neck. I have complaints from user that
their systems are slow but it seems that the application they are using is the
bottleneck. We have several in-house developed applications that the end
users uses that communicates with a SQL server. They also browse the
internet frequently. I’ve been looking for articles that describe what the
average re-transmission rate is for a standard TCP/IP networked workstation but
I could not find any. I’ve attempted a simple test like running the
trouble application and then performing a simple copy & paste (of a 1gb
file) from a file server to the workstation’s desktop while pinging the SQL
server at the same time and I did not see the time change from <1ms.
The application ran slow. Plus the file copied over without any
issue. A brief description of the network is as follows. We
have 5 floors with each floor having a wiring closet. In each closet we
have a Cisco 3750 cluster of switches. Each floor has fiber running down
to the core switch on the 2nd floor. The reason we suspect re-transmission is because some
workstations show a high “segments retransmitted” when you run netstat –s.
If I run Wireshark on the suspect workstations what should I be looking for in
the capture? Will I capture re-transmission that corresponds to the
netstat –s output? Thx. Albert
|
- Follow-Ups:
- Re: [Wireshark-users] Possible network latency
- From: Albert Jurado
- Re: [Wireshark-users] Possible network latency
- References:
- [Wireshark-users] Possible network latency
- From: Albert Jurado
- [Wireshark-users] Possible network latency
- Prev by Date: [Wireshark-users] Trace file preview handler
- Next by Date: [Wireshark-users] Dissector for ANSI TCAP NATIONAL code:0 not implemented.
- Previous by thread: [Wireshark-users] Possible network latency
- Next by thread: Re: [Wireshark-users] Possible network latency
- Index(es):