leblanc
asked on
wireshark packet tracking
I am capturing the packets with Wireshark on both ends of the WAN side. I am trying to track the packet when it comes to the other side. Is there anything within the packet that I can use to track my packet from the other side? Thanks
ASKER
What I meant was if a packet 1 on site A going to site B and I cam capturing the traffic in site B, which one of the packet is packet 1?
Packet 1 is just one of the packets for the communication between the client and the server (or between two IP addresses).
You can filter a specific IP address but how do you keep track of a specific packet within the conversation between two IP addresses.
I hope it makes sense. Thanks
Packet 1 is just one of the packets for the communication between the client and the server (or between two IP addresses).
You can filter a specific IP address but how do you keep track of a specific packet within the conversation between two IP addresses.
I hope it makes sense. Thanks
If you are capturing both sides of a single TCP connection you should see the same thing on both side.
Anyway TCP uses sequence numbers, so you can compare sequence numbers.
Anyway TCP uses sequence numbers, so you can compare sequence numbers.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Let's say there are many "topics" in a conversation. So tracking the beginning and the end of each topic will allow me to get the number of bytes and the duration for each "topic". That is what I am getting at.
I was trying to look for the sequence number of the packet on the other end and I could not find a match.
I was trying to look for the sequence number of the packet on the other end and I could not find a match.
Lets take a step back. What higher level protocol are you trying to capture?
That is: http, cifs, telnet, ftp, ssh.
That is: http, cifs, telnet, ftp, ssh.
ASKER
http
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
private WAN (MPLS).
I see the matching client and server IP addresses on both side.
I did setup the filter for the IP address:
- serve side filter (ip.addr==10.10.10.10). 10.10.10.10 is the client
- client side filter (ip.addr==10.10.20.1). 10.10.20.1 is the server.
There is no NAT involved,
I see the matching client and server IP addresses on both side.
I did setup the filter for the IP address:
- serve side filter (ip.addr==10.10.10.10). 10.10.10.10 is the client
- client side filter (ip.addr==10.10.20.1). 10.10.20.1 is the server.
There is no NAT involved,
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes. I am looking for the duration for a particular function. For example, when a user clicks on the Browse_Record button. I'd like to see how long it will take for the browser to display all the records on the client side.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes. The button will trigger the GET and POST.
"it takes time for the browser to render the page and you can't measure that with a packet trace. " Agree with this. That is why I need to look at the GET and POST.
"it takes time for the browser to render the page and you can't measure that with a packet trace. " Agree with this. That is why I need to look at the GET and POST.
O.K. Again, all you need is from the client side, unless you are trying to isolate server and network time.
ASKER
it is not obvious sometimes to see the beginning and the end of a GET or POST transaction.
Maybe I missing something. Why do you say that?
For example to filter to see a single IP address, in the white box next to the word filter on the left above the packets, type in ip.addr==10.10.10.10 and hit apply to see only packets from that one address.