If I’m troubleshooting a performance issue, one of the first tools I reach for in Wireshark is under Statistics > TCP StreamGraph > Time-Sequence Graph (tcptrace). At a glance I can tell if this is going to be an easy one to analyze or if I’m gonna have to roll up my sleeves and dive in deeper. I’ll be showing you how to use the time sequence graph in my next video, but for now let’s talk about how to interpret the lines and colors and markings.

The Time-Sequence graph shows a data stream over time. By definition, a stream is moving in one direction. So if a client is downloading a file from an FTP server you must click on a packet from the server before generating the graph. Again, it is only showing you data flowing in one direction.

Here’s a zoomed-in screencap with some annotations:

Sequence numbers are representative of bytes sent. The sequence number increases by 1 for every 1 byte of TCP data sent. Ideally you’d want to see a smooth line going up and to the right. The slope of the line would be the theoretical bandwidth of the pipe. The steeper the line, the higher the throughput.

The little black I-beams represent TCP data segments. The longer the I-beam, the more data per packet. The gray line below that shows the ACKs from the receiver. The distance between the ACKs and the TCP data at a given point in time represents the bytes in flight.
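The relationships above, worked through in an added Python example (not part of the original post): it rebuilds the data line, the ACK line and the bytes in flight from a list of packets, then computes the average slope. The record layout and the `SAMPLE` values are constructed for illustration.

```python
# Constructed sample: server -> client data plus the client's ACKs (relative numbers).
# Record layout is an assumption for this example: (time_s, kind, number, payload_len)
#   "data": number = sequence number of the segment's first byte
#   "ack":  number = acknowledgment number sent back by the receiver
SAMPLE = [
    (0.000, "data", 1, 1460),
    (0.001, "data", 1461, 1460),
    (0.002, "data", 2921, 1460),
    (0.050, "ack", 2921, 0),
    (0.051, "data", 4381, 1460),
    (0.052, "data", 5841, 1460),
    (0.100, "ack", 5841, 0),
    (0.101, "data", 7301, 500),
    (0.150, "ack", 7801, 0),
]


def first_sequence(records):
    """Sequence number where the data line starts."""
    return min(num for _, kind, num, _ in records if kind == "data")


def time_sequence(records):
    """Return (time, data_top, ack_line, bytes_in_flight) for every packet."""
    data_top = ack_line = first_sequence(records)  # nothing sent or ACKed yet
    rows = []
    for t, kind, num, length in sorted(records, key=lambda r: r[0]):
        if kind == "data":
            # Top of the I-beam; a retransmission never moves the line backwards.
            data_top = max(data_top, num + length)
        else:
            ack_line = max(ack_line, num)
        # Vertical gap between the data line and the ACK line at this instant.
        rows.append((t, data_top, ack_line, data_top - ack_line))
    return rows


def average_throughput(records):
    """Average slope of the data line, in bytes per second."""
    rows = time_sequence(records)
    duration = rows[-1][0] - rows[0][0]
    if duration <= 0:
        raise ValueError("need packets spanning more than one instant")
    return (rows[-1][1] - first_sequence(records)) / duration


if __name__ == "__main__":
    for row in time_sequence(SAMPLE):
        print("t=%.3f data=%d ack=%d in_flight=%d" % row)
    print("average throughput: %.0f bytes/s" % average_throughput(SAMPLE))
```

In a real capture the same inputs are the `frame.time_relative`, `tcp.seq`, `tcp.len` and `tcp.ack` fields, taken from one direction of the stream for data and the opposite direction for ACKs.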