How to make use of Wireshark to troubleshoot a slow network?
Summary
This article explains some of the techniques available in Wireshark to troubleshoot network slowness issues.
Question
How do I use Wireshark to troubleshoot slowness on my network?
Customer Environment
Wireless or a wired network.
Root Cause
Users complaining about slowness due to various reasons.
Resolution
A network can be slow for various reasons. If the root cause isn't obvious from performance graphs, cabling, and other hardware, Wireshark can be used to narrow it down.
Following are some of the ways Wireshark can help:
1. What is being downloaded?
Once you have a packet capture opened in Wireshark, go to Statistics --> Protocol Hierarchy.
This will show what types of traffic are going through the network. A high percentage of broadcast or peer-to-peer traffic is not good. Also look for other protocols that look suspicious.
2. Quick snapshot of errors and connection issues.
In Wireshark, go to Analyze --> Expert Info.
You should be worried if there is a high number of errors and warnings.
3. Connection speed to a particular website.
Use the Filter field to see traffic to only a particular website. For example, if your client has an IP of 192.168.2.25 and the website has an IP of 72.27.72.72, you can use a filter such as "ip.addr==192.168.2.25 && ip.addr==72.27.72.72".
Now go to Statistics --> Flow Graph. In the pop-up, choose "Displayed packets", "General flow", and "Standard source/destination addresses" and hit "OK". This flow graph will show if the connection establishment is taking too long, if there are too many retransmissions, and if the connection is getting re-established too many times.
4. Particular traffic type is consistently high over time.
This is much more useful after you have done the protocol analysis explained in point #1 or if you suspect a particular traffic flow.
In Wireshark, go to Statistics --> IO Graphs.
It will plot the total number of packets seen over time by default. If you want to see particular traffic as a portion of the total packets, type a filter into the "Filter" field that is next to "Graph 2" and click on "Graph 2". This will show another graph under the default graph.
5. How much time is spent in waiting for a response?
You can add a delta time column for this. Right click on any of the column headers in Wireshark and then click on "Column Preferences". Click on "Add" and then change the "Field type" to "Delta time". You can also move this new column around. This column will show the time difference from the previous packet.
This list is not meant to be a comprehensive guide to understanding what went wrong, but it should be of a little help.
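The checks from steps 3 and 5 (handshake delay, retransmissions, repeated connection attempts, longest wait between packets) can also be scripted over exported packet fields. The following is an added example, not part of the original article: the sample rows are constructed, the tshark command in the comment is one assumed way to produce such rows, and the retransmission test is a simplified heuristic rather than Wireshark's own analysis.

```python
# Constructed sample (not from a real capture): tab-separated rows in the shape of
#   tshark -r capture.pcap -Y "ip.addr==192.168.2.25 && ip.addr==72.27.72.72" \
#     -T fields -e frame.time_relative -e ip.src -e ip.dst \
#     -e tcp.srcport -e tcp.dstport -e tcp.seq -e tcp.len -e tcp.flags
SAMPLE = """\
0.000\t192.168.2.25\t72.27.72.72\t50123\t80\t0\t0\t0x0002
0.950\t72.27.72.72\t192.168.2.25\t80\t50123\t0\t0\t0x0012
0.951\t192.168.2.25\t72.27.72.72\t50123\t80\t1\t0\t0x0010
0.952\t192.168.2.25\t72.27.72.72\t50123\t80\t1\t300\t0x0018
1.000\t72.27.72.72\t192.168.2.25\t80\t50123\t1\t1400\t0x0010
1.300\t72.27.72.72\t192.168.2.25\t80\t50123\t1\t1400\t0x0010
3.800\t72.27.72.72\t192.168.2.25\t80\t50123\t1401\t1400\t0x0018
"""

SYN, ACK = 0x02, 0x10  # TCP flag bits


def analyze(text):
    """Summarize handshake delay, repeated data segments and idle gaps."""
    syn_time, seen, prev = {}, set(), None
    out = {"syn_count": 0, "handshake_s": [], "retransmissions": 0,
           "max_gap_s": 0.0, "max_gap_at": None}
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) != 8 or not cols[7]:
            continue  # skip blank lines and non-TCP packets
        t, seq, length = float(cols[0]), int(cols[5]), int(cols[6])
        flags = int(cols[7], 16)
        flow = tuple(cols[1:5])  # (src, dst, sport, dport)
        # Step 5: delta time from the previous displayed packet.
        if prev is not None and round(t - prev, 6) > out["max_gap_s"]:
            out["max_gap_s"], out["max_gap_at"] = round(t - prev, 6), t
        prev = t
        # Step 3: connection establishment and re-establishment.
        if flags & SYN and not flags & ACK:
            out["syn_count"] += 1  # many SYNs means repeated connection attempts
            syn_time.setdefault(flow, t)
        elif flags & SYN and flags & ACK:
            reverse = (cols[2], cols[1], cols[4], cols[3])
            if reverse in syn_time:
                out["handshake_s"].append(round(t - syn_time.pop(reverse), 6))
        # Step 3: a data segment repeating an already-seen sequence number.
        if length > 0:
            if (flow, seq) in seen:
                out["retransmissions"] += 1
            seen.add((flow, seq))
    return out


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

On the constructed sample this reports a 0.95 second handshake, one repeated data segment from the server, and a 2.5 second wait before the packet at 3.8 seconds.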
Article Number:
000003943
Updated:
January 20, 2015 01:11 AM (over 11 years ago)
Tags:
Performance, Troubleshooting, ZoneFlex Indoor, SmartCell Insight (SCI)