
Wireshark-users: Re: [Wireshark-users] Identifying packets beyond proxies

From: Julio Talaverano <delaflota@xxxxxxxxx>
Date: Thu, 2 Apr 2015 23:24:14 +0000 (UTC)
No, unfortunately I can't ping from one endpoint to another. No route.
Thanks





From: Ed Hoeffner <hoeff001@xxxxxxx>
To: 'Community support list for Wireshark' <wireshark-users@xxxxxxxxxxxxx>
Sent: Thursday, April 2, 2015 11:14 PM
Subject: Re: [Wireshark-users] Identifying packets beyond proxies

Hi
 
You could ping one or both of the endpoints from the other to provide a reference point in each capture. Those packets will stand out…
 
Ed
 


 
 
On Apr 2, 2015, at 10:22, Julio Talaverano <delaflota@xxxxxxxxx> wrote:
 
Hi,
 
I have to investigate slow speeds during peak hours when our users surf the internet.
The first problem is that we use three proxies throughout our network (A, B and C) until the last one (C) connects
to the web server through the last firewall.
The second problem is that we use the BitBox Enterprise solution, which means that any connections
connect over a VPN to the BitBox gateway and then the traffic continues through the other proxies in the clear,
which means I can't follow a connection from the initiating client.
 
My approach is to capture the traffic on all intermediate stations in order to find out the RTTs of several HTTP packets
when they enter proxy A (Ironport) and when the same packet leaves the internet firewall.
If this time is too long, then I will try to find the bottleneck inside our network.
 
So I tried a few tests accessing some unusual pages just to be sure that they are not in any of the caches and no one else is
accessing them while I'm testing.
 
My question now is how I can reliably identify a packet along the whole path (at any intermediate capturing device).
Are the rel. SEQ# in Wireshark reliable enough? Or at least a series of identical SEQs?
 
Or is there a better way to do that?
 
Thanks
Julio
 
 
 
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
 
