
track a packet through a network?

asked 2019-09-11 17:44:03 +0000

blackjack

updated 2019-09-11 17:48:21 +0000

We are having a bottleneck on a client's network (a 'post' from a user's computer - actually every computer on their network) out to our servers. We will have their network IT person with admin rights do it as we are in a different city... The IT folks there seem a bit overwhelmed - "it's not our fault but it is our problem" - type scenario. Can they use Wireshark to do this? If so, could someone point me in the correct direction?

Many thanks!


2 Answers

1

answered 2019-09-11 20:45:18 +0000

Hi Blackjack,

Wireshark can do many wonderful things but not knowing enough about your particular issue, I'm going to suggest you read two recent answers I gave to similar questions.

One is a suggestion on how to troubleshoot with Wireshark and the other is things to keep in mind when using a laptop as a capture device.

Hope this helps.

Cheers,

Spooky


Comments

What specifically would you need to know?

More details:

  - user is on a computer, on their network
  - user is logged into our website
  - user clicks "Save" in our site (form type data), which is then posted to our site via a standard http post to our servers which are hosted
  - everywhere else, the post takes 3 seconds
  - only on this network does the post take 1.5 minutes

So my question is will Wireshark allow their IT guy to watch our packet (the http post) as it makes its way through their network to help find the bottleneck?

Thanks for any direction.

blackjack ( 2019-09-12 14:50:39 +0000 )

> So my question is will Wireshark allow their IT guy to watch our packet (the http post) as it makes its way through their network to help find the bottleneck?

Only if, at each machine (switch, router, whatever) through which the packet would pass through their network, they have something performing a network capture. Wireshark probably can't run directly on switches/routers/etc., but either there might be some way to tap into traffic going through the machine or the machine might itself support capturing traffic to a file that Wireshark can read (for example, a pcap or pcapng file). Packet capturing, whether done by Wireshark or any other hardware, firmware, or software, will only see the packet at the point of capture; it won't see the entire path of the packet through a network - you need to capture at multiple points on that path to see that ...(more)

Guy Harris ( 2019-09-12 21:49:55 +0000 )
0

answered 2019-09-13 10:14:41 +0000

SYN-bit

Wireshark can only capture traffic as it is seen at the point where it is taking the capture (or where the capturing device was taking the capture if another tool is used for the capturing).

Basically this problem has 3 areas:

  1. The network of the client
  2. The Internet
  3. Your network

As you have control over your network, you can start by capturing the traffic for this particular client on your side. Capture at the edge of your network (just after the traffic came from the Internet into your network). By analyzing the specific problematic POST within the captured data, you can determine whether the delay is caused within your own network or not.

If not, have the customer make a trace in their network, again, just before going onto the Internet link. By analyzing the specific problematic POST within the captured data, you (or they) can determine whether the delay is caused within their network or not.

Of course it would be best to make these two traces at the same time so the actual traffic can be compared.

After this exercise, you at least know who is responsible for this issue. If the problem lies in between your networks, then your client needs to contact their ISP to repeat this process up the stream until it is clear where the problem is caused. But usually it is caused within the networks of one of the two endpoints.
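The two-capture comparison described in the answer above, as an added example that is not part of the original answer: it splits one slow POST into upload, server-wait and download phases at each capture point. It assumes plain HTTP with a single request and response on the TCP stream, complete captures at both edges, and per-packet rows exported with tshark; all addresses and timings are constructed.

```python
# Added example. The rows are constructed samples in the layout written by:
#   tshark -r edge.pcapng -Y "tcp.stream == N" -T fields \
#       -e frame.time_epoch -e ip.src -e tcp.len -e tcp.analysis.retransmission
CLIENT_EDGE = (          # taken before NAT, so the client shows a private address
    "1000.000\t10.0.0.23\t1460\t\n"
    "1000.010\t10.0.0.23\t1460\t\n"
    "1000.020\t10.0.0.23\t900\t\n"
    "1030.500\t10.0.0.23\t1460\t1\n"
    "1088.900\t10.0.0.23\t900\t1\n"
    "1089.950\t198.51.100.5\t512\t\n"
    "1090.000\t198.51.100.5\t300\t\n"
)
SERVER_EDGE = (          # same POST at the server edge, different clock
    "5000.000\t203.0.113.7\t1460\t\n"
    "5030.480\t203.0.113.7\t1460\t\n"
    "5088.880\t203.0.113.7\t900\t\n"
    "5089.900\t198.51.100.5\t512\t\n"
    "5089.950\t198.51.100.5\t300\t\n"
)

def parse(text):
    """Return (time, src, payload_len, is_retransmission) for packets carrying data."""
    rows = []
    for line in text.splitlines():
        t, src, length, retrans = (line.split("\t") + [""])[:4]
        if int(length or 0) > 0:              # skip handshake and bare ACKs
            rows.append((float(t), src, int(length), retrans != ""))
    return rows

def phases(rows):
    """Seconds spent uploading the request, waiting for the server, downloading the reply."""
    if not rows:
        raise ValueError("no payload packets in capture")
    client = rows[0][1]                       # in plain HTTP the client sends data first
    req = [r for r in rows if r[1] == client]
    resp = [r for r in rows if r[1] != client]
    if not resp:
        raise ValueError("capture holds no response payload")
    return {"upload": req[-1][0] - req[0][0],
            "wait": resp[0][0] - req[-1][0],
            "download": resp[-1][0] - resp[0][0],
            "client_segments": len(req),
            "retransmissions": sum(r[3] for r in req)}

def compare(client_edge, server_edge):
    """Compare durations and counts only: the two sites' clocks are not synchronised."""
    c, s = phases(parse(client_edge)), phases(parse(server_edge))
    return {"client_edge": c, "server_edge": s,
            "lost_between": c["client_segments"] - s["client_segments"]}

if __name__ == "__main__":
    print(compare(CLIENT_EDGE, SERVER_EDGE))
```

In the constructed data the server edge sees the request arrive over about 89 seconds but answers within about 1 second, and two client segments seen at the client edge never reach the server edge, which is the "in between your networks" case.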


Stats

Asked: 2019-09-11 17:44:03 +0000

Seen: 399 times

Last updated: Sep 13 '19