Jim,

If you can capture on both sides of the firewall with two time-synced WS systems then you can merge the trace files and note the delay at the firewall.

10% is really high - now it may be that there is packet loss somewhere upstream (closer to the HTTP server) and it's not your firewall's fault at all. When we see a high number of lost packets (which, during the file download, will cause duplicate ACKs from the client and retransmissions from the server) we'll run Ping Plotter or ping path to identify where packet loss may be occurring - you're kind of comparing apples to oranges, however, and may find your itty bitty pings go flying through while larger packets are dropped. We have noted a router upstream from us that is dropping packets through this process, however.

Do you only find the packet loss when the firewall is in place? Have you tried jacking in outside the firewall to perform the same download? What latency times are you seeing? If your duplicate ACK count gets really high (not just up to DUPE ACK #2 or so), then you may look into latency issues as well.

Laura
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Small, James
Sent: Friday, March 02, 2007 8:51 AM
To: Community support list for Wireshark
Subject: [Wireshark-users] Question on Internet Performance Troubleshooting

Hello,

Recently while installing a firewall for someone, I noticed that the firewall seemed to cause/exacerbate Internet performance issues. There were some issues even without the firewall, but the firewall definitely made the issues significantly worse. Of course I used Wireshark to perform a whole bunch of captures but I could not figure out anything definitive.

I did notice that when I had a "problem" connection which would exhibit erratic throughput (for example, an http download), there seemed to be a fairly high number of duplicate acks/retransmissions/out of order packets - around 10%.

My question is - for trying to monitor/isolate/troubleshoot network performance problems, are there any additional ways I can leverage Wireshark or use complementary tools? What about simulation? Would anyone recommend something like this to help? If so, could you recommend a tool to use in concert with Wireshark?

Thanks,
--Jim

_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
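
The two-sided capture comparison suggested in the reply above, as an added example that is not part of the original thread: it pairs each TCP data segment seen outside the firewall with its copy seen inside, giving the per-packet delay and going one step further to list segments that never crossed. The rows are constructed sample data, and the code assumes synced capture clocks, no NAT between the capture points, and a hypothetical 50 ms `max_transit` bound.

```python
from collections import defaultdict, deque

SRV, CLI = ("203.0.113.10", 80), ("192.0.2.20", 51000)   # constructed flow
# Constructed rows: (epoch_seconds, src, dst, tcp_seq, tcp_len), server-to-client data.
OUTSIDE = [  # capture point on the Internet side of the firewall
    (100.0000, SRV, CLI, 1000, 1460),
    (100.0010, SRV, CLI, 2460, 1460),
    (100.0020, SRV, CLI, 3920, 1460),   # never shows up inside
    (100.2500, SRV, CLI, 3920, 1460),   # server retransmission
    (100.2510, SRV, CLI, 5380, 1460),
]
INSIDE = [   # capture point on the LAN side of the firewall
    (100.0004, SRV, CLI, 1000, 1460),
    (100.0015, SRV, CLI, 2460, 1460),
    (100.2506, SRV, CLI, 3920, 1460),
    (100.2590, SRV, CLI, 5380, 1460),   # held 8 ms by the firewall
]

def firewall_transit(outside, inside, max_transit=0.050):
    """Pair outside segments with their inside copies; report delay and drops.

    max_transit (assumed 50 ms) bounds how long the firewall may hold a packet,
    so a retransmission is not mistaken for a very late original.
    """
    pending = defaultdict(deque)            # segment key -> inside timestamps
    for ts, *key in sorted(inside):
        pending[tuple(key)].append(ts)
    delays, dropped = [], []
    for ts, *key in sorted(outside):
        q = pending[tuple(key)]
        while q and q[0] < ts:              # inside copy older than this packet
            q.popleft()
        if q and q[0] - ts <= max_transit:
            delays.append((key[2], q.popleft() - ts))
        else:
            dropped.append(key[2])          # seen outside, never inside
    return {"delays": delays, "dropped": dropped,
            "loss_rate": len(dropped) / len(outside)}

if __name__ == "__main__":
    r = firewall_transit(OUTSIDE, INSIDE)
    for seq, d in r["delays"]:
        print(f"seq {seq}: {d * 1000:.1f} ms through firewall")
    print("dropped at firewall:", r["dropped"], f"({r['loss_rate']:.0%})")
```

A segment that appears in both captures only as a retransmission points at loss upstream of the outside capture point rather than at the firewall.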