Lmt Filecopy


File copy comparison using Wireshark and various protocols

Published in: Technology

  • Hello, it's Tony Fortunato from the Technology Firm. In this presentation we will be comparing the differences between various protocols. I am using my popular User Group and Throughput class format, where we take a baselining example and have you steer me through what information you need. Enjoy.
  • I find more and more customers asking 2 basic questions: Why is the newer app slower than the old one? We can use various applications/protocols for the same task, so which one is better? How come app X suddenly runs slow, or times out? Since I am analyzing the application behavior, 2 laptops are fine. If performance was the issue, then I would make sure I had similar hardware. Making sure you have a plan and some kind of naming convention sounds so trivial, but it makes the exercise go much quicker and instills some consistency.
  • I always document the test/lab environment in case I come back at a later date and need to perform more tests. Having the trace files helps, since I have the MAC addresses of the PCs in case I don't document the computer names, like this time.
  • Many times computers may be communicating with servers, broadcasting or chatting via remote desktop control applications. The very basic host filter helps capture only the data between the 2 stations. Since I am on a switch, I do not need to put my IP into the filter, just the destination IP address.
  • Learning how to automate, or what to type in for your transfers, helps make your testing go more quickly and consistently. I am always surprised how many people I impress by typing the URL into the Start->Run dialogue box.
  • As you start digging into applications and protocols, you will find that there are many settings that can be changed that affect your performance.
  • Much like my earlier comment, I prefer to use the command prompt for better control, and many times the command prompt will show error or status messages that the GUI will not.
  • Anyone who has been through this process before can attest to the fact that things can quickly get out of control and chew up most of your day --- or life. So I will start with the basics – cleaning up the trace file and using the popular Statistics->Summary screen.
  • I try to use this screen as much as possible since I can easily identify which port number is used for the transfer. This is especially handy when the transfer is embedded within an application or is proprietary. After your display filter is applied, you will notice that many of the Wireshark screens have radio buttons or references to the displayed results as well as the entire trace.
  • This is an example of what I just mentioned: this screen has Captured and Displayed column headers. For our purposes, I will use the Displayed column from all 2 traces. There are ways to do this from the command prompt using tshark and the -z option, but I want to keep this as straightforward as possible.
  • Anyone who knows me knows I always try to generate a graph. I find a graph easily highlights the highs and lows for technical and non-technical staff. This chart only took a few minutes to put together.
  • Now I will try something different. I am asking the Lovemytool audience to let me know what the next presentation should cover. I can easily go off on a tangent and give you pages of information that may not help you. I have created an email address for those of you who prefer to email me your feedback. Let me know what you would like to see me do next.
  • I am looking forward to your feedback for my next series of slides and hope this helps you along the way. Enjoy.

    1. Examining A File Copy Comparison
       Tony Fortunato, Network Performance Specialist, The Technology Firm
    2. Why???????
         • Many applications use different protocols to transfer data and you may need to explain why one is more efficient than others
         • For example, the latest version of the software may use a different protocol for a signature file update
         • The most common example of this methodology is when you have several choices to copy data and want the ‘fastest’ or more efficient option
         • When you need to document the behavior of a protocol or application, 2 laptops or desktops will do fine.
         • If performance was the goal, then you need similar hardware
         • Before you start capturing, you should establish naming conventions and directory structure, so you don’t have to figure it out as you go along. For example, the filename will be named after the protocol used for that test
             • ftp, tftp, http – original trace files
             • ftp_xfer, tftp_xfer, http_xfer – trace files of just the data transfer
    3. Lab Setup
       [Diagram: Server (HTTP, FTP, TFTP) and Client; links labelled 100 Mbps and 100 Mbps]
         • Throughput BASELINE
         • In this example we ran IPERF and got 94.4 Mbps up and 96.3 Mbps down
         • This helped understand and illustrate if the PCs, cabling and switches are working optimally
         • You now have a throughput baseline to compare against the protocols
    4. Setting Up Wireshark
         • To avoid getting other data in my trace I used the IP of the server as my capture filter
    5. HTTP Copy
         • I always try to figure out the syntax to access what I want to test directly from the Start->Run command prompt
         • In this example, typing in the specific URL will avoid generating traffic from my default home page, etc…
         • If there are prompts or logins, I capture the screen and, ideally, the corresponding packet numbers, to properly understand delay
         • You would want to note which web browser you used, or if the transfer was handled by an application
    6. TFTP Client
         • Various TFTP clients have different options available.
         • I like this client since you can define the BLOCK Size to simulate what other clients may be doing and left it at 512 Bytes, which is a common tftp client default.
    7. FTP Client
         • I always try to use the command prompt since I get more control and know that response codes will be displayed back
         • Try to automate the process if you can
         • As you dig deeper into any protocol you would want to note specific application behavior
         • For example:
             • Active or Passive
             • List of commands sent, but not supported
             • Does client try to log in with account defaults before using the client credentials
             • Does software use multiple TCP connections
    8. NOW WHAT!!!!!!!!!!!!!!!!!!!!!!!!!
         • OK, so you have 3 trace files of various lengths and characteristics
         • Since this is the first (or possibly more) in the next series of Examining or baselining, I will start with the basics
             • Clean up trace files – Display filters
             • Compare and explain Statistics Screen
         • The most important tip I can give is to have a plan or goal before you start the process
         • Resist the urge to capture packets ‘just because someone asked me to sniff the app’
    9. Display Filter
         • I opened the FTP trace file
         • Went to Statistics -> Conversations and selected the TCP tab
         • I clicked on the Bytes Column header to identify the port number used for the transfer
         • Right-Click on the first line
             • Apply As Filter->Selected->A<->B
         • Now you have a filtered Trace File
         • Repeat the same steps with the other traces, keeping in mind that the tftp will be UDP, not TCP
    10. Statistics Summary
         • I usually use all the following info under the Displayed header to start my comparison
    11. Summarizing your Summary data
         • I find the most helpful way to compare anything is to use a table and/or chart
    12. Next….
         • If you found this helpful, let me know via the Comment Area, or email me at [email_address] with your suggestions
         • Possible next topics
             • More detailed analysis between all three protocols
             • HTTP protocol analysis
             • FTP protocol analysis
             • TFTP protocol analysis
             • TCP Protocol analysis
             • Calculating application read/write block sizes
             • Using the:
                 • IO Graphs
                 • Round Trip Time Graph
                 • Sequence Graph
             • How to make your own Graphs from a trace file
    13. Thank You
        Examining A File Copy Comparison
        Tony Fortunato, Network Performance Specialist, The Technology Firm
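
An added example, not from the original slides: the procedure in slides 9 to 11 (find the conversation with the most bytes, keep it in both directions as A<->B, then read the summary figures) written in Python over a classic pcap file. The addresses, ports and timings in `build_sample` are constructed; they model a TFTP copy using the 512-byte block size mentioned in slide 6.

```python
import struct
from collections import defaultdict

def read_pcap(data):
    """Yield (time_us, wire_len, frame) from a classic little-endian pcap."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian microsecond pcap")
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        sec, usec, caplen, wirelen = struct.unpack_from("<IIII", data, off)
        yield sec * 1_000_000 + usec, wirelen, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def conversation(frame):
    """Direction-independent key (the A<->B filter) for IPv4 TCP/UDP frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                            # not IPv4 over Ethernet
    l4 = 14 + (frame[14] & 0x0F) * 4           # Ethernet + IP header length
    proto = {6: "tcp", 17: "udp"}.get(frame[23])
    if proto is None or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack_from("!HH", frame, l4)
    ip = lambda o: ".".join(map(str, frame[o:o + 4]))
    return (proto, *sorted([(ip(26), sport), (ip(30), dport)]))

def transfer_summary(data):
    """Summarise the conversation carrying the most bytes (the data transfer)."""
    convs = defaultdict(list)
    for ts, wirelen, frame in read_pcap(data):
        if (key := conversation(frame)):
            convs[key].append((ts, wirelen))
    key, pkts = max(convs.items(), key=lambda kv: sum(n for _, n in kv[1]))
    total, secs = sum(n for _, n in pkts), (pkts[-1][0] - pkts[0][0]) / 1e6
    return {"conversation": key, "packets": len(pkts), "bytes": total, "seconds": secs,
            "avg_packet_size": total / len(pkts), "avg_mbit_per_sec": total * 8 / secs / 1e6 if secs else 0.0}

def build_sample():
    """Constructed TFTP-like capture: one request to port 69, then 512-byte blocks."""
    client, server = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20])
    def rec(t_us, src, dst, sport, dport, n):  # n = UDP payload bytes
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + n, 0, 0, 64, 17, 0, src, dst)
        f = bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8 + n, 0) + bytes(n)
        return struct.pack("<IIII", 1000, t_us, len(f), len(f)) + f
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    out += rec(0, client, server, 50000, 69, 20)
    for k in range(4):                         # 4-byte TFTP header + 512-byte block, then ACK
        out += rec(2000 * k + 1000, server, client, 51000, 50000, 516)
        out += rec(2000 * k + 2000, client, server, 50000, 51000, 4)
    return out
```

In the constructed capture the bulk of the bytes is on the server's ephemeral port 51000 rather than port 69, which is why sorting conversations by bytes is the reliable way to find the transfer. Running `transfer_summary` over each protocol's trace gives the rows for the comparison table.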