I am often confused about how to start analyzing TCP traffic; I have a trace file attached. Can anyone guide me on how to start? I usually do Analyze > Expert Info Composite.
Here I see:
So I do start... Now IP 10.45.56.8 is at our end.
I am very thankful in advance for the guidance given.
You could start by filtering on "tcp.analysis.flags", which will show you packets that have some kind of expert message from Wireshark. With that you can get an overview of the type of TCP trouble you may have, though to be sure you'll have to verify them.
First step, if you have a lot of retransmissions and duplicate ACKs, would be to verify that they're not actually duplicates (meaning they're either totally identical to a former packet, or the same packet but after routing). If you can rule out duplicates, you then need to find out if the problems you see are really hurting your transmission. I usually do not care about a couple of retransmissions that create a delay of just a few milliseconds, but it is a totally different story if I see the communication being slowed down in the half-second range (or more).
Another thing you should look at is the TCP window size. Make sure it stays large enough not to slow down the sender. The window size can tell you if a system is too slow when processing incoming data, so this is your best tool to prove that a system is slow, not the network.
answered 20 Aug '12, 00:55
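The checks in the answer above can be scripted against a tshark field dump; this is an added example, not code from the original answer. It separates true retransmissions from capture or routing duplicates (same IP ID, possibly a different TTL), rates the delay each retransmission introduces, and flags receive windows that shrink toward zero. The packets are constructed and the 0.5 s and 4096-byte thresholds are assumptions.

```python
from collections import namedtuple

# One row of the tshark dump; field order matches the -e list below.
Pkt = namedtuple("Pkt", "t ipid ttl src sport dst dport seq ln win")

# Constructed sample (hypothetical packets, not the attached trace), formatted as
#   tshark -r trace.pcap -T fields -e frame.time_relative -e ip.id -e ip.ttl -e ip.src
#     -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.seq -e tcp.len -e tcp.window_size
SAMPLE = """\
0.000000\t0x1a01\t64\t10.45.56.8\t51000\t203.0.113.5\t443\t1\t1448\t65535
0.000020\t0x1a01\t63\t10.45.56.8\t51000\t203.0.113.5\t443\t1\t1448\t65535
0.000900\t0x1a02\t64\t10.45.56.8\t51000\t203.0.113.5\t443\t1449\t1448\t65535
0.612000\t0x1a03\t64\t10.45.56.8\t51000\t203.0.113.5\t443\t1\t1448\t65535
0.613000\t0x7f10\t55\t203.0.113.5\t443\t10.45.56.8\t51000\t1\t0\t1024
0.614000\t0x7f11\t55\t203.0.113.5\t443\t10.45.56.8\t51000\t1\t0\t0
"""

def parse(dump):
    """Turn tab-separated tshark rows into Pkt records."""
    rows = []
    for line in dump.strip().splitlines():
        f = line.split("\t")
        rows.append(Pkt(float(f[0]), f[1], int(f[2]), f[3], int(f[4]), f[5],
                        int(f[6]), int(f[7]), int(f[8]), int(f[9])))
    return rows

def triage(pkts, slow=0.5, min_win=4096):
    """Classify repeated data segments and weak receive windows; the 0.5 s and
    4096-byte thresholds are assumptions following the answer's 'half second' remark."""
    first = {}        # (flow, seq, len) -> first segment that carried that data
    findings = []
    for p in pkts:
        if p.ln > 0:
            key = (p.src, p.sport, p.dst, p.dport, p.seq, p.ln)
            o = first.setdefault(key, p)
            if o is not p:
                if p.ipid == o.ipid:   # same IP datagram captured twice
                    kind = "exact duplicate" if p.ttl == o.ttl else "routed duplicate"
                    delay = 0.0
                else:                  # the sender really transmitted it again
                    delay = p.t - o.t
                    kind = "retransmission (slow)" if delay >= slow else "retransmission (minor)"
                findings.append({"t": p.t, "kind": kind, "seq": p.seq, "delay": delay})
        if p.win == 0:
            findings.append({"t": p.t, "kind": "zero window", "host": p.src, "win": 0})
        elif p.win < min_win:
            findings.append({"t": p.t, "kind": "small window", "host": p.src, "win": p.win})
    return findings
```

Duplicates are reported with a zero delay because they cost the sender nothing; only the retransmission with a different IP ID carries the real stall time.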