Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Possible network latency

From: "Albert Jurado" <ajurado@xxxxxxxxxxxxxxxx>
Date: Wed, 2 Jul 2008 10:39:40 -0400

I’m in the mist of troubleshooting possible high network re-transmissions.  I’m basically attempting to capture enough data to prove that the network is not the bottle neck.  I have complaints from user that their systems are slow but it seems that the application they are using is the bottleneck.  We have several in-house developed applications that the end users uses that communicates with a SQL server.  They also browse the internet frequently.  I’ve been looking for articles that describe what the average re-transmission rate is for a standard TCP/IP networked workstation but I could not find any.  I’ve attempted a simple test like running the trouble application and then performing a simple copy & paste (of a 1gb file) from a file server to the workstation’s desktop while pinging the SQL server at the same time and I did not see the time change from <1ms.  The application ran slow.  Plus the file copied over without any issue.

 

A brief description of the network is as follows.  We have 5 floors with each floor having a wiring closet.  In each closet we have a Cisco 3750 cluster of switches.  Each floor has fiber running down to the core switch on the 2nd floor.

 

The reason we suspect re-transmission is because some workstations show a high “segments retransmitted” when you run netstat –s.  If I run Wireshark on the suspect workstations what should I be looking for in the capture?  Will I capture re-transmission that corresponds to the netstat –s output?

 

Thx.

 

 

Albert