To make the response times easier to read, you can add them as columns to your capture. You will now see the Transum data within the packet capture. Next go to Analyze / Enabled Protocols and find Transum to enable the protocol. In this example, I added port 53 to both TCP and UDP as this was the main protocol I was interested in examining. Note that you can add other TCP and UDP service ports.
And enable the options as shown in the graphic:ĭepending on the direction of the capture, you can change the “Capture position” as needed. The bulk of that time was due to the service responding back to the client (211 ms).Įnable the Transum plug-in first by going to Preferences / Protocols. The APDU (total time from the user’s perspective) in this case was 352 milliseconds. Here is a sample of what is included in the details of a single packet. This graphic shows the different response times possible with Transum: WireShark makes this task easy with a drop down menu option. In order to get useful data for all of these response times, it may be necessary to gather packet captures from multiple points in the network and merge them into a single file. Response spread: the time transmit the whole response from the service to the client.Request spread: the time needed to transmit the whole request from the client to the service.This indicates server latency or non-network related latencies. the time between the last request packet and the first response packet). Service time: the time it takes for the service to process the request (i.e.APDU response time: the total time the user must wait for a completion of a request.There are four response time statistics provided by Transum: NET Remoting, SOAP, DCE-RPC, Kerberos, FTP, Telnet, and DNS to name a few. It provides response time breakdown for HTTP, HTTPS, SMB2, Microsoft SQL, Oracle SQL. Transum works with many protocols including: IPv4, IPv6, TCP, and UDP.
I’ll briefly show how to enable and use the tool within WireShark in this paper. Up until recently, it has been a standalone tool but with the latest versions of WireShark, it is included. This is where a handy tool like Transum comes in. If you want to go a step further and find out service time latency, it’s an even more mind-numbing and time-consuming task. Ever have the need to track down application latencies from multiple PCAPs? This is something that you can glean from the time stamps, but it is tedious.
0 kommentar(er)
