Wireshark-users: Re: [Wireshark-users] Troubleshooting slow network
From: Cheikhou Dramé <dramecheikhou@xxxxxxxxx>
Date: Sun, 2 Dec 2012 22:23:15 +0000
Thanks for your precious help. I'm configuring a firewall-gateway (with two interfaces) on CentOS 6, I will give additional information.
2012/12/2 Martin Visser <martinvisser99@xxxxxxxxx>
Just to be clear, 2 packets, 1ms apart IS 1000 pps - just not typically valid for extrapolation that might make you think the network is busy.
Regards, Martin
MartinVisser99@xxxxxxxxx
On 3 December 2012 08:59, Martin Visser <martinvisser99@xxxxxxxxx> wrote:

Cheikhou,

A couple of things.

1. The packets per second column is an anomaly in this case. You only have a few packets (most show 2). So the calculation of pps is really going to be skewed here. (2 packets very close to each other, say 1ms apart, would be interpreted as 1000 pps - clearly not right).

2. This isn't going to tell you anything about Internet usage. You are only seeing the "leaked" traffic from multicasts to your port.

You will need to get some way of getting the traffic on the Internet link. There are a few switches available for only a few hundred dollars that can do port-mirroring. Another way is to set up a PC (Linux is best) in bridge mode, and run Wireshark on this as it sees the traffic go by.

Regards, Martin
MartinVisser99@xxxxxxxxx
On 3 December 2012 00:57, Cheikhou Dramé <dramecheikhou@xxxxxxxxx> wrote:

On 02/12/2012 04:04, Martin Visser wrote:

Multicast on UDP port 1900 will be SSDP or now known as UPnP, Universal Plug and Play. This is just a control protocol used to discover services on the network. The traffic you see might be a PC or the like advertising they have Audio/Video available, or your router advertising that a PC can use it to open up its firewall (for games/BitTorrent etc).
As it is really just a control protocol, not for sending actual data payloads, 15K packets/sec seems very high. Are you sure this is correct? You can identify the source from the source address - which will be unique on your network - or probably in the packets themselves. (You might need to set UDP port 1900 to be decoded as SSDP).
When you say the network is "slow" you need to be more specific. Is this only to/from the Internet or also LAN to LAN?
Also don't forget that when you do a Wireshark capture on just a regular switch port - you will ONLY see your own traffic and multicast/broadcast traffic. Hence you might not be seeing the greater proportion of traffic in your network. To do this you need to enable port-mirroring on your switch and use Wireshark in promiscuous mode.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
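An added example, not part of the original thread: it shows how a rate taken over the first-to-last packet span inflates for tiny samples, and how a minimum-sample guard keeps such rows out of any extrapolation. The packet records, addresses and the `min_packets` / `min_span` thresholds are constructed assumptions; the rate formula (intervals divided by span) is chosen to match the 1000 pps figure quoted above, not taken from Wireshark's code.

```python
from collections import defaultdict

# Constructed sample: (timestamp_seconds, source_ip) for UDP/1900 multicast
# packets seen on an ordinary switch port during a 60 s capture.
CAPTURE_SECONDS = 60.0
PACKETS = (
    [(3.000, "192.168.1.10"), (3.001, "192.168.1.10")]      # 2 packets, 1 ms apart
    + [(5.0, "192.168.1.1"), (20.0, "192.168.1.1"),
       (35.0, "192.168.1.1"), (50.0, "192.168.1.1")]        # periodic advertiser
    + [(i * 0.5, "192.168.1.20") for i in range(100)]       # steady talker
)

def per_source_rates(packets, capture_seconds, min_packets=10, min_span=1.0):
    """Return {src: stats} with a span-based rate and a capture-wide rate.

    min_packets and min_span are hypothetical thresholds for this example.
    """
    times = defaultdict(list)
    for ts, src in packets:
        times[src].append(ts)

    stats = {}
    for src, ts_list in times.items():
        ts_list.sort()
        n = len(ts_list)
        span = ts_list[-1] - ts_list[0]
        # Span-based rate: packet intervals over first-to-last time.
        naive = (n - 1) / span if span > 0 else float("inf")
        stats[src] = {
            "packets": n,
            "span_s": span,
            "naive_pps": naive,
            # Averaged over the whole capture: what the port really received.
            "capture_pps": n / capture_seconds,
            # Too few packets or too short a span: do not extrapolate.
            "reliable": n >= min_packets and span >= min_span,
        }
    return stats

if __name__ == "__main__":
    for src, s in sorted(per_source_rates(PACKETS, CAPTURE_SECONDS).items()):
        flag = "ok" if s["reliable"] else "too few samples"
        print(f"{src:15} n={s['packets']:3} naive={s['naive_pps']:9.2f} pps "
              f"capture={s['capture_pps']:.3f} pps  [{flag}]")
```

The two-packet source reports about 1000 pps on the span-based figure but only about 0.03 pps over the capture, which is the skew described in the thread.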