Shab
asked on
Need to find very weired bottleneck on network
I have been trying to find out a weired issue on our network that is with our web application which is hosted outside where we are...
For few users accessing this web application is nightmare (sometimes it will become fast then VERY,VERY slow then again it will work smoothly)
For few other users the web applications is continually accessible within 5 seconds without any issues...!!!!
Scenario:
ADSL Router Linksys (40 Mbps) -> Sonic-wall NSA240 (Gateway and DHCP, no differences for the users) -> PCs (Windows 7 Client)
Machine A - Public IP(whatismyip.com): 10.10.10.10 - Accessing with ISP's proxy server settings on IE( under connection settings) - Working like a charm - NO ISSUE AT ALL
Machine B - Public IP(whatismyip.com): 10.10.10.10 - Accessing with proxy server settings on IE - Sometimes working like charm sometimes very very slow then proxy turn off work like a charm !!!
After few minutes it will be very slow so we again turn on proxy then it will work again !!! THEN Again it will go back to SLOW....and keep continues................. .......... ..........
As I have implemented our full network infrastructure, so I can say there is no differences between machines and I have been using images for windows installations! and all users are on the same single network as well !!!
Is there any way I can monitor those two different behaviors machines to find out how traffic is going out an coming in ?
For few users accessing this web application is nightmare (sometimes it will become fast then VERY,VERY slow then again it will work smoothly)
For few other users the web applications is continually accessible within 5 seconds without any issues...!!!!
Scenario:
ADSL Router Linksys (40 Mbps) -> Sonic-wall NSA240 (Gateway and DHCP, no differences for the users) -> PCs (Windows 7 Client)
Machine A - Public IP(whatismyip.com): 10.10.10.10 - Accessing with ISP's proxy server settings on IE( under connection settings) - Working like a charm - NO ISSUE AT ALL
Machine B - Public IP(whatismyip.com): 10.10.10.10 - Accessing with proxy server settings on IE - Sometimes working like charm sometimes very very slow then proxy turn off work like a charm !!!
After few minutes it will be very slow so we again turn on proxy then it will work again !!! THEN Again it will go back to SLOW....and keep continues.................
As I have implemented our full network infrastructure, so I can say there is no differences between machines and I have been using images for windows installations! and all users are on the same single network as well !!!
Is there any way I can monitor those two different behaviors machines to find out how traffic is going out an coming in ?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
It helps to see those IP addresses when there's no filter and then set up the filter as you've described. Well, at least a display filter as you've described should do it.
You can quickly confirm what addresses are being seen by going to statistics and then endpoints. Conversations will show you what two conversations are going on.
Your display filter syntax looks right if the address is 1.1.1.1.
Your display filter syntax looks right if the address is 1.1.1.1.
ASKER
The information which getting from Wireshark is not understandable for me :( .
Is there any Wireshark manual for packet capturing and troubleshooting !!!
Is there any Wireshark manual for packet capturing and troubleshooting !!!
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
There is no easy to use manual for troubleshooting packet captures that I know of. You can get to the Wireshark user guide by clicking help.
However, sometimes from the statistics menu using the conversations or endpoints options and choosing from the various tabs then sorting the columns by the number of bytes or packets etc you can get a good idea of who is causing your issues. Once you know that it may lead you to what those devices are doing that can be corrected.
Also in the capture itself the expert flagging that Wireshark shows may give you a clue as to what is going on. It usually highlights those packets in the capture in black with red text.
Or you can see a list of all the packets expert has flagged with the analyze menu then the expert info option. If you use the severity filter in that window you can narrow down to the most serious issue noticed by Wireshark.
However, sometimes from the statistics menu using the conversations or endpoints options and choosing from the various tabs then sorting the columns by the number of bytes or packets etc you can get a good idea of who is causing your issues. Once you know that it may lead you to what those devices are doing that can be corrected.
Also in the capture itself the expert flagging that Wireshark shows may give you a clue as to what is going on. It usually highlights those packets in the capture in black with red text.
Or you can see a list of all the packets expert has flagged with the analyze menu then the expert info option. If you use the severity filter in that window you can narrow down to the most serious issue noticed by Wireshark.
If you click help then online then the wiki you might get some ideas there as well.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
ASKER
I have installed Wireshark on one machine but how do I filter specific destination IP?
Could you please let me know how do I filter ? ip.addr == 1.1.1.1( IP address of the web application) showing empty !!!