When working with clients on troubleshooting, training, or whatever they need, the topic of multi-trace analysis comes up. In some cases, the client suspects a device is dropping packets, wants to measure the latency across a device or link, or, lastly, wants to take a baseline measurement for their network management system.
As you well know, there are many ways to accomplish this, but in this case I am usually asked within the context of packet analysis or using multi-traces.
In this scenario, I wanted to use Wireshark, a laptop with two Ethernet connections and a Network Critical SmartNA XL packet broker/tap. Setting a goal, setup, and documentation are the three most critical steps in getting through this exercise.
My goal in this example was to prove or disprove that a firewall was dropping packets, so I won’t be worried about measuring the latency to any degree of accuracy. As I mention in my previous articles, some USB Ethernet dongles add a lot of latency. I measured one that added over 300 ms of latency per packet, while others weren’t consistent.
I’m sure you’ve heard that old saying “Garbage In, Garbage Out (GIGO)”, which is why I try to ensure my capture tools are not part of the conversation. I know, in some cases it’s unavoidable, but as long as that is the exception, not the rule, you will be fine.
I also try to stay away from SPAN or mirror ports when possible for a host of other reasons I cover in past articles. In this video I use a Network Critical SmartNA XL packet broker/tap (https://www.networkcritical.com/smartna) to capture the packets. I have had people in the past request a peek into how I configure tools other than Wireshark, so I included that in this video.
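One way to run the dropped-packet comparison once both sides of the firewall have been captured, as an added example that is not from the original article or its video: it matches IPv4 packets between two traces by source, destination, protocol and IP ID. It assumes classic little-endian pcap files (not pcapng), no NAT on the firewall, and senders that vary the IP ID; the function names, addresses and traces are constructed for illustration.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def ipv4_frame(src, dst, ip_id, ttl):
    """Constructed sample frame: Ethernet + IPv4 header + 4 payload bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, ip_id, 0, ttl, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + b"data"

def build_pcap(frames):
    """Wrap constructed frames in a classic pcap file image (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for n, frame in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out

def packet_keys(pcap):
    """Return one (src, dst, proto, ip_id) key per IPv4 packet in the capture."""
    if struct.unpack_from("<I", pcap)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap (convert pcapng first)")
    keys, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<IIII", pcap, off)[2]
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            ip = frame[14:34]  # TTL stays out of the key: a routing firewall decrements it
            keys.append((ip[12:16], ip[16:20], ip[9], int.from_bytes(ip[4:6], "big")))
    return keys

def missing_on_far_side(near, far):
    """Packets captured in `near` that have no counterpart in `far`."""
    seen = Counter(packet_keys(far))
    missing = []
    for key in packet_keys(near):
        if seen[key] > 0:
            seen[key] -= 1  # consume one match so retransmitted duplicates are counted
        else:
            missing.append(key)
    return missing

# Constructed traces: three packets enter the firewall, ID 0x1002 never leaves it.
inside = build_pcap([ipv4_frame("10.0.0.5", "192.0.2.9", i, 64) for i in (0x1001, 0x1002, 0x1003)])
outside = build_pcap([ipv4_frame("10.0.0.5", "192.0.2.9", i, 63) for i in (0x1001, 0x1003)])

if __name__ == "__main__":
    print([hex(k[3]) for k in missing_on_far_side(inside, outside)])
```

Run the comparison in both directions, since replies dropped on the way back show up only when the outside trace is treated as the near side. Flows that send a constant IP ID need an extra field in the key, such as the TCP sequence number.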
Thanks
Tony Fortunato
Sr Network Performance Specialist
The Technology Firm
Getting things to work better
LinkedIn Profile: https://ca.linkedin.com/in/fortunat
YouTube Channel: https://www.youtube.com/@thetechfirm
NetworkDataPedia: https://www.networkdatapedia.com/blog/author/Tony-Fortunato