Looking to track down where a network bottleneck is

asked 2021-06-11 20:54:37 +0000

I have a customer using four (4) PoE card readers that communicate up to AWS. The readers recently started intermittently dropping offline due to a ping roundtrip taking over 400ms and then back down to 100ms and then back up over 400ms. The card reader manufacturer suggested using Wireshark to do a packet capture using the IP addresses of the readers to see where there is a bottleneck in the network. I am looking to understand how to capture that and interpret the data in Wireshark to determine the source of the problem.

answered 2021-06-12 07:48:04 +0000

BigFatCat

The description says the readers are POE. They are most likely hardwired to a switch unless there are inline POE injectors. Check if the switch supports mirror ports. You can mirror either one of the POE reader ports or the uplink port. If the switch doesn't support mirror ports, try to insert either a hub, a switch with mirror ports, or a TAP inline with the uplink port. It is possible to do the same on the POE reader ports, but you must ensure the readers have power.
After you have a capture, you can filter for ping requests and replies. The reply packets will have the response time in milliseconds. If you want to be creative with the display filter, there are several YouTube videos demonstrating how to analyze pings with Wireshark. The syntax for the Wireshark display filter can be found at the Wireshark Wiki DisplayFilters.
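
The request/reply pairing described in the answer above can also be done offline over a saved capture. This is an added example, not part of the original answer: it assumes the capture was saved in classic pcap format (not pcapng) with Ethernet framing and IPv4, the function names are hypothetical, and the sample addresses and timings are constructed.

```python
import struct

def icmp_rtts(pcap: bytes):
    """Pair ICMP echo requests with replies; return [(replying_ip, seq, rtt_ms)]."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected classic little-endian microsecond pcap")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("expected Ethernet link type")
    pending, out, off = {}, [], 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue  # not IPv4 carrying ICMP
        icmp_at = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < icmp_at + 8:
            continue  # truncated ICMP header
        src, dst = frame[26:30], frame[30:34]
        typ, _code, _csum, ident, seq = struct.unpack_from("!BBHHH", frame, icmp_at)
        now_us = sec * 1_000_000 + usec
        if typ == 8:  # echo request: remember when it left
            pending[(src, dst, ident, seq)] = now_us
        elif typ == 0:  # echo reply: match on swapped addresses, id and sequence
            sent_us = pending.pop((dst, src, ident, seq), None)
            if sent_us is not None:
                out.append((".".join(map(str, src)), seq, (now_us - sent_us) / 1000))
    return out

def slow(rtts, limit_ms=400):  # 400 ms is the figure from the question
    return [r for r in rtts if r[2] > limit_ms]

# --- constructed sample capture (addresses and timings are made up) ---
def _frame(src, dst, typ, seq, ident=1):
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0, bytes(src), bytes(dst))
    return eth + ip + struct.pack("!BBHHH", typ, 0, 0, ident, seq)

def sample_pcap():
    pc, reader = (192, 168, 1, 10), (192, 168, 1, 50)
    recs = [(0, _frame(pc, reader, 8, 1)), (100_000, _frame(reader, pc, 0, 1)),
            (1_000_000, _frame(pc, reader, 8, 2)), (1_420_000, _frame(reader, pc, 0, 2)),
            (2_000_000, _frame(pc, reader, 8, 3))]  # seq 3 never answered
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", us // 10**6, us % 10**6, len(f), len(f)) + f
                          for us, f in recs)

if __name__ == "__main__":
    print(slow(icmp_rtts(sample_pcap())))
```

Running the same pairing on captures taken at the reader port and at the uplink shows on which side of the switch the extra delay appears; requests that never get a reply are simply left unmatched.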

