Wireshark-users: Re: [Wireshark-users] Intermittent Performance Problems - pcap output

From: "Cyril Spiro" <spiroc@xxxxxxxxxxxxxxx>
Date: Tue, 11 Nov 2008 21:46:36 -0500
Thanks for the suggestion. I believe this is the output that will be more
helpful. See attached.

spiroc
 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
wireshark-users-request@xxxxxxxxxxxxx
Sent: Tuesday, November 11, 2008 9:32 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 30, Issue 24

Send Wireshark-users mailing list submissions to
	wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
	wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
	wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

   1. Re: Intermittent Performance Problems (Martin Visser)


----------------------------------------------------------------------

Message: 1
Date: Wed, 12 Nov 2008 13:31:29 +1100
From: "Martin Visser" <martinvisser99@xxxxxxxxx>
Subject: Re: [Wireshark-users] Intermittent Performance Problems
To: "Community support list for Wireshark"
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	<b3739b0c0811111831j133490f9p48fc756017d4caf0@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

Any chance of doing a "Save as" displyed packets (in pcap) format rather
than printing displayed?

On Wed, Nov 12, 2008 at 1:21 PM, Cyril Spiro <spiroc@xxxxxxxxxxxxxxx> wrote:

> First of all, thanks to those who responded to my last post.  The answers
> were very helpful in educating me on interpreting the wireshark output.
>
> The last example was a random sample of a tcp stream which indicated a 1.3
> second duration from SYN to FIN ACK, with about 50% of the time used for
> server processes and 50% for transporting data via the network.  These
> durations were within tolerable limits.
>
> In this new attached example, the user pointed us to a specific incident
> which took 5 seconds between the time that he clicked the submit button on
> the webpage and the screen refreshed.  We confirmed the user's statement
> with the wireshark output.  The question is why?
>
> Can anyone see from the attached report what could have caused the delay?
> Note, that this capture was exclusively for data between the users PC and
> the server.  We have the full tcpdump file for the day for the users PC,
> but
> it is very large (33MB).
>
> Also, please note that when the user submitted data in the same html form
> at
> different times of the day the duration was consistently significantly
> shorter (<1s) and within tolerable limits.  So, it appears that something
> unique happened during the attached example.
>
> In summary, users are complaining that this intermittent slowness is
> frustrating to them and the attached example is a rare glimpse into one of
> these events.  The most important question to answer at this time is can
we
> tell if the delay is being caused by the server or by the network?
>
> Thanks in advance for your help,
> spiroc
>
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
> wireshark-users-request@xxxxxxxxxxxxx
> Sent: Monday, November 10, 2008 5:42 AM
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: Wireshark-users Digest, Vol 30, Issue 17
>
> Send Wireshark-users mailing list submissions to
>        wireshark-users@xxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://wireshark.org/mailman/listinfo/wireshark-users
> or, via email, send a message with subject or body 'help' to
>        wireshark-users-request@xxxxxxxxxxxxx
>
> You can reach the person managing the list at
>        wireshark-users-owner@xxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-users digest..."
>
>
> Today's Topics:
>
>   1. Not need to save packet data (Adisak)
>   2. Re: Not need to save packet data (j.snelders@xxxxxxxxxx)
>   3. Re: Intermittent Performance Problems on (Martin Visser)
>   4. Re: Not need to save packet data (Jaap Keuter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 10 Nov 2008 08:34:32 +0700
> From: "Adisak" <adisak@xxxxxxxxxxx>
> Subject: [Wireshark-users] Not need to save packet data
> To: "'Community support list for Wireshark'"
>        <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <200811100136.mAA1aMBV026303@xxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi all,
>
> I'm very new for Wireshark.
>
>
>
> I've download and used Wireshark on a few day ago.
>
> I'll use Wireshark in my company for check the traffic of proxy server.
>
> But, I'd like to collect only Time, IP address both source and
Destination,
> Protocol type and information only.
>
> Not need to save packet data, Because log file will growth big in a
shortly
> time.
>
> I've try to setting Wireshark for from 2 days ago but I can't.
>
> Anyone have an idea for my question?
>
>
>
> P.S. I used Wireshark on windows.
>
>
>
> Best Regards,
>
> Adisak
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
>
>
http://www.wireshark.org/lists/wireshark-users/attachments/20081110/ee6f18e8
>
/attachment.html<http://www.wireshark.org/lists/wireshark-users/attachments/
20081110/ee6f18e8/attachment.html>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 10 Nov 2008 06:20:26 +0100
> From: j.snelders@xxxxxxxxxx
> Subject: Re: [Wireshark-users] Not need to save packet data
> To: adisak@xxxxxxxxxxx, "Community support list for Wireshark"
>        <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <481B206B000A3AFE@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="US-ASCII"
>
> Hi Adisak,
>
> You can use the option: Limit each packet to 68 bytes.
> You'll find it at
> Capture -> Capture Options
>
> Thanks
> Joan
>
> >To: "'Community support list for Wireshark'"
> <wireshark-users@xxxxxxxxxxxxx>
> On Mon, 10 Nov 2008 08:34:32 +0700 Adisak Wrote:
> >Hi all,
> >
> >I'm very new for Wireshark.
> >
> >
> >
> >I've download and used Wireshark on a few day ago.
> >
> >I'll use Wireshark in my company for check the traffic of proxy server.
> >
> >But, I'd like to collect only Time, IP address both source and
> Destination,
> >Protocol type and information only.
> >
> >Not need to save packet data, Because log file will growth big in a
> shortly
> >time.
> >
> >I've try to setting Wireshark for from 2 days ago but I can't.
> >
> >Anyone have an idea for my question?
> >
> >
> >
> >P.S. I used Wireshark on windows.
> >
> >
> >
> >Best Regards,
> >
> >Adisak
> >
> >
> >
> >_______________________________________________
> >Wireshark-users mailing list
> >Wireshark-users@xxxxxxxxxxxxx
> >https://wireshark.org/mailman/listinfo/wireshark-users
>
>
>
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 10 Nov 2008 16:30:21 +1100
> From: "Martin Visser" <martinvisser99@xxxxxxxxx>
> Subject: Re: [Wireshark-users] Intermittent Performance Problems on
> To: "Community support list for Wireshark"
>        <wireshark-users@xxxxxxxxxxxxx>
> Message-ID:
>        <b3739b0c0811092130s45347b93va3d53d24f51f044b@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=UTF-8
>
> Cyril,
>
> Rather than sending the text output, it is probably more useful to
> send the pcap capture file (unless you have private data you need to
> obscure)
>
> Only seeing one side makes it a little hard (make sure filter includes
> client and server as both source and destination), however what can be
> gleaned is :-
>
> 1. The connection response (3-way handshake SYN/SYN-ACK/ACK) is 1.4ms
> (packet 1822-1821). This indicates your server is physically close and
> the TCP stack is responsive
> 2. Your client issued a HTTP GET straight after (packet 1823) and then
> ACKed the first bytes from the server response in less then 594ms
> (packet 1839 - 1823). More that likely your server won't start sending
> data until it has finished the backend database server transaction,
> but that is totally dependent on how you web app is built. So it is
> likely this is your server processing time
> 3. You received the last byte from that stream sometime before packet
> 1873. Thus time from first byte to last byte received is approximately
> 665ms. This is the time of flight of your received data. The ACKs show
> that your received 56152 bytes in that time, thus your throughput was
> 84430 Bps or 675Kbps. This may be good or bad depending on your
> network pipe between client and servers and how much concurrent usage
> occurred.
>
> So for your transaction I would conclude around half of the time was
> backend processing (the 594ms) and half simply filling the available
> pipe with your data (the 665ms)
>
>
> (Note at packet 95288 your reused the TCP port 2398 some hours later -
> so this is from another session to the first)
>
>
> Regards, Martin
>
>
> On Mon, Nov 10, 2008 at 1:04 AM, Cyril Spiro <spiroc@xxxxxxxxxxxxxxx>
> wrote:
> > Ryan,
> >
> > Thank you for your response.
> >
> > I have followed your recommendation and taken a snap shot of one TCP
> stream
> > during a period when the users stated the intranet-based web application
> was
> > slow.
> >
> > Attached is a sample of one TCP Stream which took 1.3 seconds.  I
provide
> > this as an example for assistance in interpreting the Wireshark results.
> >
> > What surprised me is that all packets indicate communication from
> > 192.168.0.221 (client) to 192.168.0.150 (server) and none in the other
> > direction.
> >
> > Again, our goal is to know if this screen rendering took 1.3 seconds
> because
> > the server was busy processing the request (database calls, etc.) or if
> the
> > network was jammed outside of the server.
> >
> > Any insight that you can provide on how to read the results in order to
> > answer this question is much appreciated.
> >
> > spiroc
> >
> >
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
> > wireshark-users-request@xxxxxxxxxxxxx
> > Sent: Thursday, November 06, 2008 7:12 PM
> > To: wireshark-users@xxxxxxxxxxxxx
> > Subject: Wireshark-users Digest, Vol 30, Issue 11
> >
> > Send Wireshark-users mailing list submissions to
> >        wireshark-users@xxxxxxxxxxxxx
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >        https://wireshark.org/mailman/listinfo/wireshark-users
> > or, via email, send a message with subject or body 'help' to
> >        wireshark-users-request@xxxxxxxxxxxxx
> >
> > You can reach the person managing the list at
> >        wireshark-users-owner@xxxxxxxxxxxxx
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of Wireshark-users digest..."
> >
> >
> > Today's Topics:
> >
> >   1. Re: tshark creates files in temp dir (j.snelders@xxxxxxxxxx)
> >   2. Re: tshark creates files in temp dir (Al Aghili)
> >   3. Re: tshark creates files in temp dir (Stephen Fisher)
> >   4. Re: tshark creates files in temp dir (Al Aghili)
> >   5. Re: tshark creates files in temp dir (Stephen Fisher)
> >   6. Re: tshark creates files in temp dir (Guy Harris)
> >   7. Re: tshark creates files in temp dir (Al Aghili)
> >   8. Re: Intermittent Performance Problems on Intranet (Ryan Zuidema)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Thu, 6 Nov 2008 21:26:45 +0100
> > From: j.snelders@xxxxxxxxxx
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: "Community support list for Wireshark"
> >        <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <481B3765000A0AD6@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="US-ASCII"
> >
> > Hi Al,
> >
> > I think that you have to define an output file:
> > $ tshark -i 2 -w output.cap
> >
> > HTH
> > Joan
> >
> > On Thu, 6 Nov 2008 10:39:32 -0700 Al Aghili wrote:
> >>Subject: [Wireshark-users] tshark creates files in temp dir
> >>
> >>Hi,
> >>When we run tshark on windows it sometimes creates these large files in
> >>Windows/temp directory that start with "ether". Is there a way to turn
> >>this off?
> >>
> >>Thanks
> >>Al
> >>
> >>
> >>_______________________________________________
> >>Wireshark-users mailing list
> >>Wireshark-users@xxxxxxxxxxxxx
> >>https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> >
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Thu, 6 Nov 2008 14:08:19 -0700
> > From: "Al Aghili" <aaghili@xxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: "'Community support list for Wireshark'"
> >        <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <00b601c94053$cf285540$2602a8c0@AlDell01>
> > Content-Type: text/plain;       charset="us-ascii"
> >
> > Hi,
> > We're running tshark with the following command.
> > tshark -i 2 -V -l
> >
> > Then we read the standard out so we don't want to create an output file.
> >
> >
> > Thanks
> > Al
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
> > j.snelders@xxxxxxxxxx
> > Sent: Thursday, November 06, 2008 1:27 PM
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> >
> > Hi Al,
> >
> > I think that you have to define an output file:
> > $ tshark -i 2 -w output.cap
> >
> > HTH
> > Joan
> >
> > On Thu, 6 Nov 2008 10:39:32 -0700 Al Aghili wrote:
> >>Subject: [Wireshark-users] tshark creates files in temp dir
> >>
> >>Hi,
> >>When we run tshark on windows it sometimes creates these large files in
> >>Windows/temp directory that start with "ether". Is there a way to turn
> >>this off?
> >>
> >>Thanks
> >>Al
> >>
> >>
> >>_______________________________________________
> >>Wireshark-users mailing list
> >>Wireshark-users@xxxxxxxxxxxxx
> >>https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> >
> >
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Thu, 6 Nov 2008 14:39:25 -0700
> > From: Stephen Fisher <stephentfisher@xxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: Community support list for Wireshark
> >        <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <[email protected]>
> > Content-Type: text/plain; charset=us-ascii
> >
> > On Thu, Nov 06, 2008 at 10:39:32AM -0700, Al Aghili wrote:
> >
> >> When we run tshark on windows it sometimes creates these large files
> >> in Windows/temp directory that start with "ether". Is there a way to
> >> turn this off?
> >
> > These files are used for temporarily storing captured data for the
> > session that you run tshark for.  They should be deleted when tshark is
> > closed and able to quit gracefully.  They cannot be turned off.  What
> > version of tshark/Wireshark are you using?  How are you stopping tshark?
> >
> >
> > Steve
> >
> >
> >
> > ------------------------------
> >
> > Message: 4
> > Date: Thu, 6 Nov 2008 16:01:40 -0700
> > From: "Al Aghili" <aaghili@xxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: "'Community support list for Wireshark'"
> >        <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <00c201c94063$a2dc8230$2602a8c0@AlDell01>
> > Content-Type: text/plain;       charset="us-ascii"
> >
> > We're stopping it by killing the tshark process through a kill command
> > which I would think is not graceful. How do you recommend killing tshark
> > programmatically?
> >
> > Thanks
> > Al
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen
> > Fisher
> > Sent: Thursday, November 06, 2008 2:39 PM
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> >
> > On Thu, Nov 06, 2008 at 10:39:32AM -0700, Al Aghili wrote:
> >
> >> When we run tshark on windows it sometimes creates these large files
> >> in Windows/temp directory that start with "ether". Is there a way to
> >> turn this off?
> >
> > These files are used for temporarily storing captured data for the
> > session that you run tshark for.  They should be deleted when tshark is
> > closed and able to quit gracefully.  They cannot be turned off.  What
> > version of tshark/Wireshark are you using?  How are you stopping tshark?
> >
> >
> > Steve
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> >
> > ------------------------------
> >
> > Message: 5
> > Date: Thu, 6 Nov 2008 16:24:58 -0700
> > From: Stephen Fisher <stephentfisher@xxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: Community support list for Wireshark
> >        <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <[email protected]>
> > Content-Type: text/plain; charset=us-ascii
> >
> > On Thu, Nov 06, 2008 at 04:01:40PM -0700, Al Aghili wrote:
> >
> >> We're stopping it by killing the tshark process through a kill command
> >> which I would think is not graceful. How do you recommend killing
> >> tshark programmatically?
> >
> > I assume you're using some sort of Unix?  In that case, SIGTERM (15),
> > SIGINT (2) and SIGHUP (1) are caught and should result in a graceful
> > shutdown of tshark.  A SIGKILL (9) is not catchable and forces tshark to
> > quit immediately.  Which are you using?
> >
> >
> > Steve
> >
> >
> >
> > ------------------------------
> >
> > Message: 6
> > Date: Thu, 6 Nov 2008 15:53:21 -0800
> > From: Guy Harris <guy@xxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: Community support list for Wireshark
> >        <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <7EA5C406-16B1-4425-969B-87EC2FB1BFD3@xxxxxxxxxxxx>
> > Content-Type: text/plain; charset=WINDOWS-1252; format=flowed;
> >        delsp=yes
> >
> >
> > On Nov 6, 2008, at 9:39 AM, Al Aghili wrote:
> >
> >> When we run tshark on windows it sometimes creates these large files
> >> in Windows/temp directory that start with ?ether?. Is there a way to
> >> turn this off?
> >
> > Currently, no.  TShark runs dumpcap to do the traffic capture, and
> > currently, if you run it without the "-w" flag, tells dumpcap to write
> > to a temporary file, and reads from the temporary file.
> >
> > At some point it should be changed to, in that case, have dumpcap
> > write the packets on a pipe, and read from the pipe.
> >
> > When you terminate TShark with ^C, then it should get rid of the
> > file.  Is the problem that the file exists while the capture is being
> > done (in which case there's currently nothing you can do to stop it),
> > or that the file remains around after you terminate TShark?
> >
> > ------------------------------
> >
> > Message: 7
> > Date: Thu, 6 Nov 2008 16:59:18 -0700
> > From: "Al Aghili" <aaghili@xxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: "'Community support list for Wireshark'"
> >        <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <00c701c9406b$aeec7460$2602a8c0@AlDell01>
> > Content-Type: text/plain;       charset="us-ascii"
> >
> > Guy,
> > I think we may have to manually delete the files after we kill the
> > tshark process. That was the problem I think. There were files left over
> > because we are killing the process programmatically (not ^C).
> >
> > In a high traffic environment these files tend to get very big. So your
> > solution to write the packets on a pipe might work best in the future.
> >
> > At the same time if that increases the ram consumption then that's a
> > bigger problem because right now its on disk.
> >
> > Thanks for the help.
> >
> > Al
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> > Sent: Thursday, November 06, 2008 4:53 PM
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> >
> >
> > On Nov 6, 2008, at 9:39 AM, Al Aghili wrote:
> >
> >> When we run tshark on windows it sometimes creates these large files
> >> in Windows/temp directory that start with "ether". Is there a way to
> >> turn this off?
> >
> > Currently, no.  TShark runs dumpcap to do the traffic capture, and
> > currently, if you run it without the "-w" flag, tells dumpcap to write
> > to a temporary file, and reads from the temporary file.
> >
> > At some point it should be changed to, in that case, have dumpcap
> > write the packets on a pipe, and read from the pipe.
> >
> > When you terminate TShark with ^C, then it should get rid of the
> > file.  Is the problem that the file exists while the capture is being
> > done (in which case there's currently nothing you can do to stop it),
> > or that the file remains around after you terminate TShark?
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> >
> > ------------------------------
> >
> > Message: 8
> > Date: Thu, 6 Nov 2008 17:13:14 -0700
> > From: "Ryan Zuidema" <Ryan.Zuidema@xxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] Intermittent Performance Problems on
> >        Intranet
> > To: "'Community support list for Wireshark'"
> >        <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <000d01c9406d$a0661f70$e1325e50$@Zuidema@xxxxxxxxxxx>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > Spiro,
> >
> >
> >
> > Yes that is exactly what Wireshark is good for, and for a beginner that
> is
> > an excellent place to start. You will want to capture off of a
> mirrored/span
> > port to begin with if possible. Running a live capture on the server
> could
> > use up more resources, and potentially give you a false reading. If you
> have
> > to capture on the server, you will need to run a simultaneous capture on
> an
> > affected client as well.
> >
> >
> >
> > Take a capture and pay attention to the timing between request and
> response
> > from the server.
> >
> >
> >
> > Ryan Zuidema
> >
> >
> >
> >
> >
> >
> >
> > From: wireshark-users-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Cyril Spiro
> > Sent: 2008-11-06 07:04
> > To: wireshark-users@xxxxxxxxxxxxx
> > Subject: [Wireshark-users] Intermittent Performance Problems on Intranet
> >
> >
> >
> > Hi, I'm a newbie to Wireshark :)
> >
> >
> >
> > Our users on our Intranet are stating that their Web Application can get
> > slow at times.  If we run Wireshark on the Web server can we use it to
> > determine if the packets are being slowed down once they have gotten in
> the
> > Web server (ie, slow database calls, etc.) versus outside of the Web
> server
> > on the network?
> >
> >
> >
> > Thanks,
> >
> > spiroc
> >
> >
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> >
>
>
http://www.wireshark.org/lists/wireshark-users/attachments/20081106/7832f296
> > /attachment.htm
> >
> > ------------------------------
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> > End of Wireshark-users Digest, Vol 30, Issue 11
> > ***********************************************
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
>
>
>
> --
> Regards, Martin
>
> MartinVisser99@xxxxxxxxx
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 10 Nov 2008 10:33:58 +0000
> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
> Subject: Re: [Wireshark-users] Not need to save packet data
> To: "adisak@xxxxxxxxxxx" <adisak@xxxxxxxxxxx>,  Community support list
>        for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <3B15585E-4FAD-4399-ADF9-A4C85A46D86F@xxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> Since Wireshark is intended for deep level packet inspection this may
> not be the right tool for you. Have a look at the tools page on the
> wiki, for instance at ntop.
>
> Thanx,
> Jaap
>
> Sent from my iPhone
>
> On 10 nov 2008, at 01:34, "Adisak" <adisak@xxxxxxxxxxx> wrote:
>
> > Hi all,
> >
> > I?m very new for Wireshark.
> >
> >
> >
> > I?ve download and used Wireshark on a few day ago.
> >
> > I?ll use Wireshark in my company for check the traffic of proxy serv
> > er.
> >
> > But, I?d like to collect only Time, IP address both source and Desti
> > nation, Protocol type and information only.
> >
> > Not need to save packet data, Because log file will growth big in a
> > shortly time.
> >
> > I?ve try to setting Wireshark for from 2 days ago but I can?t.
> >
> > Anyone have an idea for my question?
> >
> >
> >
> > P.S. I used Wireshark on windows.
> >
> >
> >
> > Best Regards,
> >
> > Adisak
> >
> >
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
>
>
http://www.wireshark.org/lists/wireshark-users/attachments/20081110/2e610c78
>
/attachment.htm<http://www.wireshark.org/lists/wireshark-users/attachments/2
0081110/2e610c78/attachment.htm>
>
> ------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
> End of Wireshark-users Digest, Vol 30, Issue 17
> ***********************************************
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>


-- 
Regards, Martin

MartinVisser99@xxxxxxxxx
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20081112/4d6b9ca7
/attachment.htm 

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 30, Issue 24
***********************************************
[ Contents removed ]