I’ve used Wireshark before and I’ve configured some settings, today I want to follow a tutorial on analyzing web traffic through Wireshark to troubleshoot a slow connection.
In this tutorial we are taught a neat trick right off the bat! We can label IP addresses to help keep track of the communication between devices, as packet files get more complex this will be extremely helpful.
First thing to check is the options this is exchanged at the begging of the three way handshake. We can see in the options is window scaling, this allows a multiplier that lets you send more data. The thing is both client and server have to agree on options otherwise it’ll fall back to NO options or lowest common denominator.
Another thing we can look for is the slowest packet. The Delta time is the time between the last packet sent and the current packet. We can sort by delta time and see packet 51 is the slowest.
Look at the packet size, we can see earlier in the pcap that the amount sent by the server stays the same but the amount received by the client slowly starts to fall.
Leave a Reply