The resulting numbers were somewhat high, but I've seen worse. After taking a look at the results of this display filter, I noticed what seemed an high number of TCP retransmissions, so I decided to see exactly which packets were being retransmitted with a different display filter,, which will show me only those packets Wireshark believes to be TCP retransmissions. With a typical capture file, I'll start with ,which simply tells Wireshark, "hey, show me what YOU think are TCP problems." Now, as I said, none of these tools are perfect, so take these results with a grain of salt they're only as good as are the underlying data, and it's very easy to collect inaccurate or incomplete data. Now, every Wireshark user has their own approach I usually take advantage of Wireshark's display filters to get a general "feel" for the incidence of Layer 3/4 problems. One recent case was presented as "many failed connections," and a 6-minute packet capture soon landed in my lap. My primary tool is Wireshark, which humbly presents itself as "The World's Most Popular Network Protocol Analyzer." (Seriously - if you aren't using Wireshark, go download it NOW.) Protocol analyzers are great for identifying typical "red flags" in packet data, but they're all limited to what the raw data might indicate customer network environments are so broad (and so varied) that the network engineer-especially one "on the outside looking in" with only a small data set-relies heavily on experience and intuition. I spend a healthy chunk of my typical work day analyzing network packet captures.
0 kommentar(er)
