Wireshark-users: Re: [Wireshark-users] Wireshark trace file for load runner events

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Fri, 5 Mar 2010 11:42:31 +1100
The biggest problem with determining the differences is that all your traffic is encrypted in SSL (HTTPS) so we can't see the actual transactions.

However by inference, the client is clearly operating differently.

The most obvious thing is the total amount of traffic (seen if you view the Statistics:Summary) the number of packets and bytes is just about double on the Loadrunner example. But I guess you already knew that

However the most telling thing can be seen from Statistics:Conversations and TCP. The manual only had 2 HTTPS sessions established. Both seem non-trivial (in terms of the volume of traffic). However for the loadrunner test there are 13 HTTPS sessions. Some of the loadrunner driven sessions have very little traffic, with only 1K or two going each direction.The  last two established SSL sessions seem to match the volume of your manual test.

So there is a clear difference in how the two operate. What that is can only be determined either through not using HTTPS (or decrypting the HTTPS) or using suitable browser or server analysis tools (something like Firebug in the former, and log or debug tracing on the server.


Regards, Martin

MartinVisser99@xxxxxxxxx


On Wed, Mar 3, 2010 at 11:40 PM, Mahendranath.N <mahendranath_n@xxxxxxxxxxx> wrote:
Hi Martin,
 
Please find the attched wiresharkl files captured during navgation of same flow manually & by load runner.
 
manually we observed 161 entries and when we capture the same process by load runner we observed 369.
 
We made sure there is no extra browser or extra software running n the system.
 
Please find the attchment for both the files.  Info ont he extra entries during load runner capture will help us greatly.
 
Regards,
Mahendranath

--- On Tue, 3/2/10, Martin Visser <martinvisser99@xxxxxxxxx> wrote:

From: Martin Visser <martinvisser99@xxxxxxxxx>
Subject: Re: [Wireshark-users] Wireshark trace file for load runner events
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Tuesday, March 2, 2010, 8:32 AM


Mahendranath,

You need to provide a little more info for us to help.

I am sure that "Ethernt 2, src : HewlettP_5c:80:39" isn't all that appears the information on the packets you are seeing. The best guess is that "Ethernet 2" is the name of interface and that "HewlettP_5c:80:39" is simply the source MAC address of the packet (where the first 3 bytes of the actual MAC address xx:xx:xx get resolved to HewlettP")

I think we would need to see a well-filtered sample of the packets from your manual and Loadrunner scenarios to be able to compare. (Loadrunner tries to "emulate" clients so it simply might be not be a perfect emulator)

Regards, Martin

MartinVisser99@xxxxxxxxx


On Mon, Mar 1, 2010 at 6:22 PM, Mahendranath.N <mahendranath_n@xxxxxxxxxxx> wrote:
Hi ,
 
I have a scenario and i observed around 160 wire shark calls for manual navigation of that scenario,.The same scenario I am trying to capture by using load runner with Wireshark enabled, but observed 240 calls.
 
Can anyone clarify why there are extra calls for navigating the same scenario by load runner.
 
Each extra call has Etehernet syntax as below :
 
Ethernt 2, src : HewlettP_5c:80:39
 
It will be great if someone can clarify the above... 
 
Regards,
Mahendranath
 
 
 


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


-----Inline Attachment Follows-----


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe