Wireshark-users: Re: [Wireshark-users] Filtering Network address
From: "Muhammad Ghazali" <[email protected]>
Date: Tue, 20 Feb 2007 10:59:01 +0700
On 2/20/07, Muhammad Ghazali <[email protected]> wrote:
On 2/20/07, Guy Harris <[email protected]> wrote:
>
> On Feb 19, 2007, at 6:46 PM, Muhammad Ghazali wrote:
>
> > Can you tell me the trick how to measure the response time of the web
> > application and the smtp response by manually looking at the packet?
>
> Web and SMTP?  You said
>
>         I want to measure the response time of a web application and the smtp
> server from a branch office ...
>
> Are you measuring two different things (the response time of a Web
> application to HTTP requests, and the response of an SMTP server to
> SMTP requests), or is this a Web application that causes e-mail to be
> sent, so that the user fills out a form and clicks a button, and a
> mail message is generated and sent as a result of clicking the button?

In fact, I'd like to measure the response time of 3 different things.
- The web applcation,
- web based email where a web application cause email to be sent,
- and smtp session where I will send (and receive) email from email
client (outlook express or other MUA).
So for all of them, I will surely capture only packets coming from and
going to the web server.

What do you suggest to filter for the second case where i will measure
the response time of sending email form the web mail?
Is it to filter packet coming from and goin to the web server?
Or just filter the address of my host?
Or both (filter the address of the web server and my wireshark host)?

And how to do the measurement?
Is it "Follow TCP Stream" will do the job?

Any explanation or experience or other kind of share would be greatly
appreciated.