dokucama

User Tools

Site Tools

Trace: supervised_learning knowledge_graphs
network_stuff:wireshark:ws_analysis

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

network_stuff:wireshark:ws_analysis [2024/05/01 09:14] – created jotasandokunetwork_stuff:wireshark:ws_analysis [2024/05/01 09:15] (current) jotasandoku
Line 1: Line 1:
 issues in HTTPS API transactions: issues in HTTPS API transactions:
  
-### 4. Time Analysis:+### 1. Time Analysis:
    - **Measure Delta Times**: Use Wireshark's "Delta time" measurement to understand the time difference between consecutive packets. Large delta times can indicate network congestion or slow processing times at the sender or receiver.    - **Measure Delta Times**: Use Wireshark's "Delta time" measurement to understand the time difference between consecutive packets. Large delta times can indicate network congestion or slow processing times at the sender or receiver.
    - **Detailed RTT Analysis**: Calculate the RTT for different phases of the connection. Pay particular attention to the RTT during the initial handshake and when the connection is fully established. Look for variations in RTT at different times which could indicate fluctuating network conditions.    - **Detailed RTT Analysis**: Calculate the RTT for different phases of the connection. Pay particular attention to the RTT during the initial handshake and when the connection is fully established. Look for variations in RTT at different times which could indicate fluctuating network conditions.
    - **Identify Packet Timing Anomalies**: Compare the timestamps of packets sent and received to identify any anomalies in transmission times, such as unexpected delays in ACKs or gaps between data packets.    - **Identify Packet Timing Anomalies**: Compare the timestamps of packets sent and received to identify any anomalies in transmission times, such as unexpected delays in ACKs or gaps between data packets.
  
-### 5. Flow Control and Window Size Analysis:+### 2. Flow Control and Window Size Analysis:
    - **TCP Window Size Analysis**: Continuously monitor the TCP window size throughout the communication. Note changes in the window size in response to network conditions.    - **TCP Window Size Analysis**: Continuously monitor the TCP window size throughout the communication. Note changes in the window size in response to network conditions.
    - **Advertised Window Size**: Focus on the advertised window size from the receiver, which tells the sender how much data can be sent before requiring an acknowledgment. A consistently small advertised window could be a bottleneck.    - **Advertised Window Size**: Focus on the advertised window size from the receiver, which tells the sender how much data can be sent before requiring an acknowledgment. A consistently small advertised window could be a bottleneck.
Line 12: Line 12:
    - **Zero Window Events**: Pay special attention to any zero window announcements, which pause data flow. Analyze what leads up to these events and how quickly the window reopens.    - **Zero Window Events**: Pay special attention to any zero window announcements, which pause data flow. Analyze what leads up to these events and how quickly the window reopens.
  
-### 6. Application Layer Review:+### 3. Application Layer Review:
    - **API Call Analysis**: For each HTTPS request and response, check the sequence and acknowledge numbers to ensure all data is transmitted and acknowledged in order. Discrepancies might indicate packet reordering or loss.    - **API Call Analysis**: For each HTTPS request and response, check the sequence and acknowledge numbers to ensure all data is transmitted and acknowledged in order. Discrepancies might indicate packet reordering or loss.
    - **SSL/TLS Handshake Delays**: Analyze the time taken to complete SSL/TLS handshakes. Repeated or lengthy handshakes can significantly affect performance and should be investigated, especially in setups with frequent session renewals.    - **SSL/TLS Handshake Delays**: Analyze the time taken to complete SSL/TLS handshakes. Repeated or lengthy handshakes can significantly affect performance and should be investigated, especially in setups with frequent session renewals.
    - **Content Size and Frequency**: Evaluate if the transmission frequency and content size are optimized for performance. Large, frequent transmissions might be more efficiently handled in smaller, more manageable sizes depending on the application requirements.    - **Content Size and Frequency**: Evaluate if the transmission frequency and content size are optimized for performance. Large, frequent transmissions might be more efficiently handled in smaller, more manageable sizes depending on the application requirements.
  
-### 7. Compare Source and Destination:+### 4. Compare Source and Destination:
    - **Timestamp and Event Alignment**: Make detailed comparisons of events and their timestamps from both pcap files to determine where latency is introduced in the path from source to destination and back.    - **Timestamp and Event Alignment**: Make detailed comparisons of events and their timestamps from both pcap files to determine where latency is introduced in the path from source to destination and back.
    - **Analyze Packet Flow Consistency**: Ensure that the sequence of packets and their acknowledgments are consistent between source and destination. Look for any anomalies like unexpected delays or missing acknowledgments that could indicate dropped packets or network issues.    - **Analyze Packet Flow Consistency**: Ensure that the sequence of packets and their acknowledgments are consistent between source and destination. Look for any anomalies like unexpected delays or missing acknowledgments that could indicate dropped packets or network issues.
    - **Investigate Path Asymmetry**: Identify if the network path characteristics differ in each direction. This could involve different routes with varying latencies, potentially due to routing policies or network topology.    - **Investigate Path Asymmetry**: Identify if the network path characteristics differ in each direction. This could involve different routes with varying latencies, potentially due to routing policies or network topology.
  
-### 8. Performance Counters:+### 5. Performance Counters:
    - **Network Interface Metrics**: Examine metrics such as bandwidth usage, packet errors, and drop rates on both sender and receiver ends. High rates can point to physical network issues or configuration errors.    - **Network Interface Metrics**: Examine metrics such as bandwidth usage, packet errors, and drop rates on both sender and receiver ends. High rates can point to physical network issues or configuration errors.
    - **Resource Utilization Trends**: Correlate times of high latency with spikes in CPU, memory, or disk usage. This can indicate whether the server's resources are being stretched by the workload.    - **Resource Utilization Trends**: Correlate times of high latency with spikes in CPU, memory, or disk usage. This can indicate whether the server's resources are being stretched by the workload.
    - **System and Application Logs**: Review system logs for any errors or warnings that coincide with times of high latency. Application logs might also reveal inefficient handling or processing delays.    - **System and Application Logs**: Review system logs for any errors or warnings that coincide with times of high latency. Application logs might also reveal inefficient handling or processing delays.
  
---++ +----
-SACK+
  
 +Specifics for SACK:
  
-### 4. Time Analysis:+ 
 +### 1. Time Analysis:
    - **Incorporate SACK into RTT Calculations**: When calculating RTT, consider how SACK might influence the timing. For instance, if SACK is used to acknowledge non-contiguous blocks of data, look at whether this affects the time a sender waits before retransmitting.    - **Incorporate SACK into RTT Calculations**: When calculating RTT, consider how SACK might influence the timing. For instance, if SACK is used to acknowledge non-contiguous blocks of data, look at whether this affects the time a sender waits before retransmitting.
  
-### 5. Flow Control and Window Size Analysis:+### 2. Flow Control and Window Size Analysis:
    - **SACK Analysis for Flow Control**: Analyze instances where SACK is used to determine its impact on flow control. SACK allows the receiver to inform the sender about all segments that have arrived successfully, which means the sender can retransmit only the missing data segments, potentially reducing the recovery time from packet loss.    - **SACK Analysis for Flow Control**: Analyze instances where SACK is used to determine its impact on flow control. SACK allows the receiver to inform the sender about all segments that have arrived successfully, which means the sender can retransmit only the missing data segments, potentially reducing the recovery time from packet loss.
    - **Window Size Adjustments with SACK**: Observe how the window size is managed in conjunction with SACK. Effective use of SACK should minimize the need for drastic window size reductions due to packet loss, as only the missing segments are retransmitted.    - **Window Size Adjustments with SACK**: Observe how the window size is managed in conjunction with SACK. Effective use of SACK should minimize the need for drastic window size reductions due to packet loss, as only the missing segments are retransmitted.
  
-### 6. Application Layer Review:+### 3. Application Layer Review:
    - **Impact of SACK on Application Performance**: Analyze the time intervals in which SACK is negotiated and used. Assess whether the use of SACK correlates with improved performance metrics, such as reduced API response times in the presence of packet loss.    - **Impact of SACK on Application Performance**: Analyze the time intervals in which SACK is negotiated and used. Assess whether the use of SACK correlates with improved performance metrics, such as reduced API response times in the presence of packet loss.
    - **Consistency and Efficiency of SACK Implementations**: Verify that both the sender and receiver support and correctly implement SACK. Incorrect or inconsistent implementations can lead to inefficiencies and increased latency.    - **Consistency and Efficiency of SACK Implementations**: Verify that both the sender and receiver support and correctly implement SACK. Incorrect or inconsistent implementations can lead to inefficiencies and increased latency.
  
-### 7. Compare Source and Destination:+### 4. Compare Source and Destination:
    - **SACK Operations Across Captures**: Compare the SACK operations as seen in the pcap files from both the source and destination. This can help identify if packet losses are being signaled and handled efficiently in both directions.    - **SACK Operations Across Captures**: Compare the SACK operations as seen in the pcap files from both the source and destination. This can help identify if packet losses are being signaled and handled efficiently in both directions.
    - **Identify Discrepancies in Packet Recovery**: Look for discrepancies in how packet recovery is handled between the source and destination. Effective use of SACK should show a minimized number of retransmissions for the same loss.    - **Identify Discrepancies in Packet Recovery**: Look for discrepancies in how packet recovery is handled between the source and destination. Effective use of SACK should show a minimized number of retransmissions for the same loss.
  
-### 8. Performance Counters:+### 5. Performance Counters:
    - **Correlate SACK with Network Performance Metrics**: Look for correlations between the use of SACK and network performance metrics such as throughput and error rates. Effective use of SACK should ideally correlate with lower retransmission rates and higher throughput, especially in congested networks.    - **Correlate SACK with Network Performance Metrics**: Look for correlations between the use of SACK and network performance metrics such as throughput and error rates. Effective use of SACK should ideally correlate with lower retransmission rates and higher throughput, especially in congested networks.
  
network_stuff/wireshark/ws_analysis.1714554845.txt.gz · Last modified: by jotasandoku

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki