Wireshark course, Ch 05: Advanced statistics tools

1. NDI Communications - Engineering & Training Network analysis Using Wireshark Lesson 5 – Advanced Statistical Tools

2. Page 2 Lesson Objectives By the end of this lesson, the participant will be able to: Understand IO Graphs Understand TCP stream graphs

3. Page 3 Chapter Content Configuring IO Graphs with filters for measuring network performance issues Throughput measurements with IO Graph IO Graph configurations with advanced Y-Axis parameters TCP stream graphs – the Time-Sequence (Stevens) window TCP stream graphs – the Time-Sequence (Tcp-trace) window TCP stream graphs – the Throughput Graph window TCP stream graphs – the Round Trip Time window TCP stream graphs – the Window Scaling Graph window Case studies

4. Page 4 The "I/O Graphs" window

5. Page 5 The "I/O Graphs" window 1 2 3 4

6. Page 6 How to Test Line Performance Clicking on a specific place on the graph will forward us to the packet on the capture file

7. Page 7 And to see What Exactly Happened

8. Page 8 IO Graphs with Filters Green – Download Red – Upload Watching video streamSimple browsing Packets Per Second Traffic from PC (10.0.0.2) to the Internet {Upload} Traffic from Internet to the PC (10.0.0.2) {Download} Buffering Y-Scale: Packets/Tick

9. Page 9 What DupACKs Do:

10. Page 10 Another Example

11. Page 11 And Retransmissions Retransmissions DupACKs

12. Page 12 Protocol Distribution Graph

13. Page 13 Other Options with I/O Graphs

14. Page 14 TCP Connection Analysis

15. Page 15 RTP/RTSP Analysis

16. Page 16 IO Graphs Advanced Feature

18. Page 18 What We Measure Line/Port User Connection

19. Page 19 Example – Traffic Between Nodes Traffic between 10.2.10.101 and 10.2.10.240 Graph 1 (black) – total traffic Graph 2 (red) – filtered traffic Total traffic - no filter configured

20. Page 20 Example – Traffic on a Connection

22. Page 22 Advanced “Y-Axis”

23. Page 23 Retransmissions per Connection High retransmissions rate (10 per second) on the connection between 192.1.1.2 and 192.1.1.121 1 retransmissions/second 2 retransmissions/second

25. Page 25 TCP Stream Graphs There are four types of TCP graphs: Round Trip Time – time between packet send and Ack Throughput – throughput measured by sequence numbers Time-Sequence (Stevens) - TCP sequence numbers versus time Time-Sequence (tcptrace) - TCP sequence numbers versus time, ACK values received from the other endpoint and the receive window advertised from the other endpoint Window Scaling Graph – receiver window size

26. Page 26 Statistics – TCP Stream Graph

27. Page 27 Time / Sequence Graph (Stevens) Seq No [B] Time [Sec] Time / Sequence representes how sequence numbers advances with time In a good connection (like in the example), the line will be linear The angle of the line indicates the speed of the connection. In this example – fast connection Time/Sequence (Stevens)

28. Page 28 Time / Sequence Graph (Stevens) Seq No [B] Time [Sec] In this case, we see a non- contiguous graph Can be due to: Severe packet loss Server response (processing) time Time/Sequence (Stevens)

29. Page 29 Example B – Non-Stable Performance File Transfer 5.25 seconds after start of stream, we don’t see any connectivity problems – probably slow server/applications

30. Page 30 What are These ??? What happened here ??? Time/Sequence (Stevens)

31. Page 31 And This???

33. Page 33 Time / Sequence Graph (Tcptrace) Who is talking (What connection are we monitoring) ACKs Graph Data Graph Time/Sequence (tcptrace)

34. Page 34 And Some More Details …. Fast retransmission DupACKs Time/Sequence (tcptrace)

35. Page 35 And more … Sequence numbers advances in the same packet (actually the amount of date bytes in every packet) Time between packets This graph provides:  Efficiency – is data transferred in efficient manner  Packet sizes – are all packet the same  TCP behavior – are there any problems  And more ….. Time/Sequence (tcptrace)

36. Page 36 Another Example Time/Sequence (tcptrace) Segments sent And Ack’ed

38. Page 38 FTP Over HSUPA Graph Throughput Graph Instability Instability Instability Instability

39. Page 39 Example A - Stable Performance File Transfer

40. Page 40 Example A - Stable Performance File Transfer A stable throughput of around 1MB/8Mb per second It is important to test in parallel with SNMP tool for channel capacity Throughput Graph

41. Page 41 Example B – Non-Stable Performance Mail Transfer

42. Page 42 Example B – Non-Stable Performance File Transfer Something happened here (After ~5.25 Seconds) Throughput Graph

44. Page 44 Round-Trip Time Graph RTT Vs. Sequence numbers gives us the time that take to Ack every packet. In case of variations, it can cause DupACKs and even Retransmissions Usually will happen on communications lines: Over the Internet Over cellular networks RTT Graph

45. Page 45 FTP Over Cellular Media Analysis RTT Graph Instability Instability Instability Instability Instability Instability Instability

47. Page 47 Window Size Window size (Bytes) Time (Seconds) Stable Window Size InstabilitiesInstability Instabilities Instability

49. Page 49 Case #1 – Slow HTTP ZERO WINDOW / WINDOW FULL

50. Page 50 Case #2 - Voice Conference Voice stream #1 Voice stream #2 Total Traffic

51. Page 51 Case #3 -Transmission Problem? What happened here?

52. Page 52 Summary For more information, technical data and many examples and case studies: http://www.amazon.com/Network-Analysis-Using-Wireshark- Cookbook/dp/1849517649 Thanks!!! Yoram Orzach yoram@ndi-com.com +972-52-4899699

Wireshark course, Ch 05: Advanced statistics tools

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Wireshark course, Ch 05: Advanced statistics tools

Similar to Wireshark course, Ch 05: Advanced statistics tools (20)

More from Yoram Orzach

More from Yoram Orzach (17)

Recently uploaded

Recently uploaded (20)

Wireshark course, Ch 05: Advanced statistics tools