Wireshark 300: Curing Latency and Network Slowness


Reposted from: vonnie

Laaatteennncyyyyy.

AKA SLOWNESS!  No one wants to deal with it but how many of us know the root cause of the problem?  With Wireshark you can figure out exactly what’s causing your internet connection to crawl.


Here’s the scenario:

Every time a user tries to access the internet, the page takes forever to download.  What's going on?

You can use Wireshark to gain insight into the problem.  You can either start your capture on the host computer itself or configure port-spanning on the Cisco switch to mirror the traffic out of an adjacent switchport.  But let's assume you don't have access to the Cisco switch.  Maybe you're not authorized, or you don't want to bother with switchport configuration on a Cisco switch.

At any given moment a single computer will have multiple TCP connections to various destinations, so our first order of business is to see the time difference between segments within a single TCP conversation.

Start the packet capture, right click the relevant row in the PDU data pane and mouse down to Protocol preferences.

Make sure Calculate conversation timestamps has a check next to it.  You might also want to set this up in a new Wireshark profile.

(PS: the "Calculate conversation timestamps" feature mentioned above exists only for TCP and for upper-layer protocols carried over TCP; it corresponds to the TSval and TSecr fields Wireshark uses when dissecting TCP, where TSval is the TCP sender's clock (see the referenced link). If you want to compute the time difference between captured TCP/DNS/HTTP packets, you can use, respectively:

1. tcp.time_relative or tcp.time_delta as a display column; these two fields correspond to the Timestamps entry under the TCP protocol in the "Packet details" pane;

2. for DNS, dns.time as a display column;

3. for HTTP, http.time as a display column.)

Now if you scroll down in the PDU details pane you’ll see a new section under the Transmission Control Protocol dissector called:

[Timestamps]

Now we can see the time in seconds since the last TCP segment in the current conversation.

Great, now let’s make it a little easier to read this by adding this valuable data as a new column.

Right click the TCP dissector in the details pane and choose Apply as Column from the popup menu.

Bam!

The new column appears but it’s a little too long isn’t it?

It says:

Time since previous frame in this TCP stream

But let’s rename it to:

Segment Delta

That way we’ll know this contains the change (delta) between TCP segments.

Right click the column and choose Edit Column Details…

Great, now double click the column to sort by slowest values and scroll through the output.  You’ll quickly see the TCP conversations responsible for the greatest latency.

To start this test for you, I downloaded a program called Netlimiter and installed it on my Windows 8.1 Virtual Machine.  Then I manually told Netlimiter to limit all inbound and outbound traffic flows to a wimpy 5kbps.  Ha!

So when I started the capture I could easily see the largest offenders.

You can see a segment delta of 941 milliseconds (almost a full second) from a request to download a JPG on 198.57.208.223 (which is fixedbyvonnie.com).
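The Segment Delta column is easy to recompute outside the GUI, which is handy when a capture is too large to scroll through. The following added example (not from the original post) rebuilds Wireshark's conversation timestamps over a constructed set of TCP frames modelled on the 941 ms JPG download above: it assigns a direction-independent stream index, derives tcp.time_relative and tcp.time_delta per segment, and ranks segments by delta the way sorting the column does. The sample frames, IP addresses other than 198.57.208.223, and port numbers are all made up.

```python
"""Recreate Wireshark's "Calculate conversation timestamps" for TCP.

Equivalent tshark command for a real capture (the preference name is
tcp.calculate_timestamps; output fields match the columns in the article):
  tshark -r cap.pcap -o tcp.calculate_timestamps:TRUE \
         -T fields -e tcp.stream -e ip.src -e ip.dst -e tcp.time_delta
"""
from typing import Dict, List, Tuple

# (frame time in seconds, src ip, src port, dst ip, dst port)
Frame = Tuple[float, str, int, str, int]

# Constructed sample capture: a throttled JPG download interleaved with a
# healthy TLS session. Not a real trace; the 941 ms gap mirrors the article.
SAMPLE_FRAMES: List[Frame] = [
    (0.000, "192.168.1.10", 51000, "198.57.208.223", 80),  # SYN
    (0.005, "192.168.1.10", 51001, "8.8.4.4", 443),        # SYN, second stream
    (0.020, "198.57.208.223", 80, "192.168.1.10", 51000),  # SYN/ACK
    (0.021, "192.168.1.10", 51000, "198.57.208.223", 80),  # GET /photo.jpg
    (0.030, "8.8.4.4", 443, "192.168.1.10", 51001),
    (0.045, "192.168.1.10", 51001, "8.8.4.4", 443),
    (0.962, "198.57.208.223", 80, "192.168.1.10", 51000),  # first data, 941 ms later
    (0.963, "192.168.1.10", 51000, "198.57.208.223", 80),  # ACK
]

def stream_key(src: str, sport: int, dst: str, dport: int) -> Tuple:
    """Direction-independent key so both halves of a connection share one
    stream, as Wireshark's tcp.stream index does."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def conversation_timestamps(frames: List[Frame]) -> List[Dict]:
    """One record per frame with tcp.stream, tcp.time_relative, tcp.time_delta."""
    stream_ids: Dict[Tuple, int] = {}
    first_seen: Dict[int, float] = {}
    last_seen: Dict[int, float] = {}
    out = []
    for t, src, sport, dst, dport in sorted(frames):  # capture (time) order
        sid = stream_ids.setdefault(stream_key(src, sport, dst, dport), len(stream_ids))
        first_seen.setdefault(sid, t)
        out.append({
            "time": t, "stream": sid, "src": f"{src}:{sport}", "dst": f"{dst}:{dport}",
            "time_relative": round(t - first_seen[sid], 6),       # since first segment
            "time_delta": round(t - last_seen.get(sid, t), 6),    # since previous; 0 for first
        })
        last_seen[sid] = t
    return out

def slowest_segments(frames: List[Frame], n: int = 3) -> List[Dict]:
    """The 'sort Segment Delta descending' step of the article."""
    return sorted(conversation_timestamps(frames), key=lambda r: r["time_delta"], reverse=True)[:n]

if __name__ == "__main__":
    for r in slowest_segments(SAMPLE_FRAMES):
        print(f"stream {r['stream']}  {r['src']} -> {r['dst']}  delta {r['time_delta']*1000:.0f} ms")
```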

I hope this helps!  Leave me your questions, cheers or digital beer in the comments below.
