Detect network issue
Hi all. I'm quite new about network and facing some SharePoint application's performance issue which I think might be related to network
Currently, the topology is as below
Client <-> Proxy server <-> App server <-> Database
The issue is that users sometime see long loading time, which can take more than 30s. To detect root cause, we run Wireshark on Proxy and App server. However, because I'm new to network, when looking at log records, I don't know how to identify requests which take long time to response, or which can cause long loading issue. I tried http.time filter as well as TCP delta time but not sure if they're correct things to follow. As far as I understand, the connection between Client <-> Proxy and Proxy <-> App I should look for HTTP request; and between App <-> Database I should look for TCP request since there's no HTTP here. If there's a request which take high response time from Proxy -> Client, it might be due to high response time of subsequent request between Proxy <-> App <-> Database. Is it correct ?
I'm very appreciated if you guys can instruct me how to investigate logs in correct way
Application protocols which use TCP as their transport layer (such as http) usually reuse the same TCP session for multiple request/response exchanges. If Wireshark has a dissector for the application protocol, it can identify the relationship between a request and its response and show the time distance between them. If it doesn't, it requires some reverse engineering of the application protocol to identify requests and responses. TCP delta time may or may not help here depending on how many threads communicate using the same TCP session. I.e. if a new request may be sent before the previous has been responded, you cannot use TCP delta time to identify late answers, and you have to find the identifier token which that application protocol uses to pair requests to responses.
A wild guess - are we talking about virtual servers here?