Using WireShark to Troubleshoot Network Performance.

I have a user who when tries to restore a Quickbooks database that is 100M stored on the server over the network takes hours.  When he copies the db from the server to his desktop which takes a few seconds then tries to restore it the process takes less then a min.  I would like to use wireshark to possibly identify the issue.

  1. Do i need to run Wireshark on his computer or on any computer to see if there are any issues?
  2. What should i be looking for?
  3. Should i attach a capture file or is that not secure?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nociSoftware EngineerCommented:
1) his computer as that would provide the best info
2) i suspect latency issues, so  time between request & answer packets.  
3) Don't attach data that should not be public.... if you need info on some data you can possibly use a blurred image from a screen shot?

wireshark has a companion named tshark that can provide text output from a capture, then it can be redacted in case there is sensitive info in the data.

Another issue can be the program is badly written and opens/closes the files a lot.
noclavAuthor Commented:
The server is a Hyper V running Server 2016 and i setup a Guest VM windows 7 box with wireshark. While wireshark was capturing i connected to the file server which is also a guest on this Hyper V Host and tried to browse a share which was taking a long time to load. I started to see alot of TCP Keep-Alive ACK and TCP Retransmissions. Could this point to the server as the problem?
nociSoftware EngineerCommented:
No not exactly.. The system sending retransmissions is missing ACK's... the system not sending ack's might be too busy... ?
It might be a mismatch of drivers, If you run all on one Hyper-V there might be lack of CPU capacity on the host to handle both the server side and the client side of the connection.... and the network forwarding.  This might be agravated by lack of memory which might cause whole VM's to get swapped...
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

noclavAuthor Commented:
yes your exactly correct. I increased cpu and ram for the windows 7 box and when i connected to the file server it was instant. no errors.
noclavAuthor Commented:
I connnected to the Main switch which is a HP Procurve 2510 (J9279A) on FW Y.11.01, ROM N.10.02

I see Excessive CRC/Allignment errors and Too many Undersized/Giant Packets on Port 12.

This is the port that is connected to another 8 port unmanaged Cisco 100/1000 switch.  The computers that are having the slow performance are connected to this 8 port switch.

Here is what i did and no luck.

I ran a new cable (CAT6) from the 8 port switch to the jack on the wall that is connected to port 12.  Same results.

I found another unused jack on the adjacent wall and ran the new patch cable  (CAT6) from that jack to the 8 port switch. Same error but now referencing port 5.

I know the  firmware is old and not sure if i can update straight to version 11.52?  Maybe this is a bug in the old version or i could have 2 bad cables in the wall.

Another issue is when i connected my laptop to the jack that is connected to Port 5 i got saw the same errors CRC and giant packets.

Two things i would like to know if i can update the firmware direct to 11.52 and if i should enable STP as a best practice as its disabled by default.  There is no special config on this switch just basic config with all defaults.
nociSoftware EngineerCommented:
Excessive Alignment errors + CRC + short packets mosty indicates a half duplex connection is connected to full duplex conection.
So check your port settings.    Speed must be equal other wise the don't link up. Duplex is another thing.
Full Duplex may send at will, a Half duplex side must wait once the other side starts sending.
When the signals cross each others early on it is called colission and bot side should hold off a random pause and retry.
If the collision is later (FD side doesn;t wait until end of packet), then you get CRC error,  Sort frame errors (as the half duplex side WILL stop on collisions) etc.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
noclavAuthor Commented:
could this be because they have some old cat 5 cable connected to a gigabit switch?
nociSoftware EngineerCommented:
Can be if 1Gbps is configured. cat 5e should be acceptable in many cases.
foor 100Mbps cat 5 should be fine.

for the 10GBE connection you will need a better cable.
noclavAuthor Commented:
all ports on the Procurve are configured for Auto. What are your thoughts on updating firmware to the latest verson?
noclavAuthor Commented:
i changed port 12 to Auto  - 100 and problem fixed.
noclavAuthor Commented:
Thank you very much.
nociSoftware EngineerCommented:
Most important DUPLEX setting (FDX vs HDX) with different speeds it won't even start to work, with FDS/HDX mismatch it seems to work unless you start to put some real traffic over it (esp. from the FDX side of a cable).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.