Perfmon Vs Wireshark

asked 2017-12-03 16:40:14 +0000

benda

Hi all, I have a problem and I am short of knowledge, please help. The problem is that we have a workstation monitoring agent that reports high retransmits. The agent collects Perfmon every second, averages every 15 seconds, and sends the percentage to the server. The problem is that we don't see a correlation with Wireshark: in Perfmon you can see fragments retransmitted, and in Wireshark none or low numbers. Can anyone help me understand who is lying, Perfmon or Wireshark?


1 Answer


answered 2017-12-03 20:25:07 +0000

sindy

Depends on where and how the Wireshark capture is taken. While you may capture on the machine where the traffic originates/terminates, it is always best to capture outside it, using port mirroring or similar techniques to copy the traffic to a machine dedicated to capturing. This allows you to avoid issues like TCP offloading, which may make some packets invisible to the capturing process, and packets missed due to insufficient processing power. On the other hand, if Perfmon is running on the same machine as the capturing process of Wireshark, both should be affected by the same effects.

So capturing on an independent machine outside the monitored one will always tell you the truth. Capturing simultaneously on the machine which is the source and destination of the traffic will allow you to compare the two traces and see how much any of the effects described above affects the accuracy of self-capturing in the case of that particular machine.

Asked: 2017-12-03 16:40:14 +0000

Seen: 316 times

Last updated: Dec 03 '17