1 | initial version |
OneDrive uses TCP ports 80 (HTTP) and 443 (HTTPS). The latter provides security by encrypting the data, thus HTTPS captures are useless without the encryption key. Wireshark is able to decrypt data with the key.
While capture filters are very limited, they can at least filter an IP address and port. For client-side captures there is usually no need to configure a capture filter; however, they can be helpful in server-side captures for reducing or eliminating frames missing from the capture file due to excessive volume. The PC will receive all of the frames transmitted and received on the server's network interface and place them within its input buffer before Wireshark can filter them. The PC stores the filtered data. Disk latency is the most common cause of missing packets because the rate at which data can be stored is much slower than the rate at which the PC can place it in its input buffers. Whenever the incoming rate exceeds the storage rate, frames are discarded. The problem is exacerbated by frequent spikes in data rate.
If the application issue is intermittent, Wireshark must be configured to store the packets received in a given time period within a group of files in a round-robin fashion. A sufficient number of files must be specified for the person monitoring the issue to notice the failure and terminate the capture before any of the relevant capture files are overwritten. If it is not possible to reproduce the problem immediately or within a reasonable period, you may have to employ this method. If so and you need help, let us know.
2 | No.2 Revision |
OneDrive uses TCP ports 80 (HTTP) and 443 (HTTPS). The latter provides security by encrypting the data, thus HTTPS captures are useless without the encryption key. Wireshark is able to decrypt data with the key.
While capture filters are very limited, they can at least filter an IP address and port. For client-side captures there is usually no need to configure a capture filter; however, they can be helpful in server-side captures in reducing or eliminating frames missing from the capture file due to excessive volume. All of the frames transmitted and received on the server's network interface must be placed in the PC's input buffer before Wireshark can filter them. The PC stores the filtered data, and disk latency is the most common cause of missing frames because the rate at which data can be stored is usually far slower than the rate at which it can be buffered. If the PC is configured to encrypt data (e.g., due to company policy), latency is worse. Furthermore, we have seen frequent spikes in the incoming data rate cause as much as 99% data loss.
If the application issue is intermittent, Wireshark must be configured to store the packets received within a given time interval among a group of files in a round-robin fashion. A sufficient number of files must be specified for the person monitoring the issue to notice the failure and terminate the capture before any of the relevant capture files are overwritten. If it is not possible to reproduce the problem immediately or within a reasonable period, you may have to employ this method. If so and you need help, let us know.
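An added example, not part of the original answer: a sketch that sizes the round-robin file set so the relevant files survive until the capture is stopped, and prints a matching `dumpcap` command with a capture filter for one server address and the two OneDrive ports. The interface name, server address, timings and output path are assumptions, and the helper names `ring_files` and `capture_cmd` are hypothetical.

```shell
#!/bin/sh
# Added example: size a dumpcap ring buffer so evidence is not overwritten.
# Interface, server IP, timings and output path below are assumed values.

# ring_files INTERVAL LOOKBACK REACTION   (all in seconds)
# Number of files needed so that LOOKBACK seconds of traffic before the
# failure are still on disk after the person monitoring takes REACTION
# seconds to notice and stop the capture. Rounds up to whole files and
# adds one for the file that is still being written.
ring_files() {
    interval=$1; lookback=$2; reaction=$3
    span=$((lookback + reaction))
    echo $(( (span + interval - 1) / interval + 1 ))
}

# capture_cmd IFACE SERVER_IP INTERVAL LOOKBACK REACTION OUTFILE
# Prints the dumpcap command line; nothing is executed here.
# -f is the capture filter, -b duration/files configure the ring buffer.
capture_cmd() {
    files=$(ring_files "$3" "$4" "$5")
    printf 'dumpcap -i %s -f "host %s and (tcp port 80 or tcp port 443)" -b duration:%s -b files:%s -w %s\n' \
        "$1" "$2" "$3" "$files" "$6"
}

# Constructed sample: 60-second files, keep 5 minutes before the failure,
# allow 15 minutes for someone to notice and stop the capture.
capture_cmd eth0 192.0.2.10 60 300 900 /var/tmp/onedrive.pcapng
```

Review the printed command before running it on the capture host; shorter intervals give smaller files but need a proportionally larger file count.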