Limitations of a Laptop: When Does It Start Dropping Packets?
11.07.2015 Views
Share Embed Flag

Limitations of a Laptop: When Does It Start Dropping Packets?

Limitations of a Laptop: When Does It Start Dropping Packets?

Limitations of a Laptop: When Does It Start Dropping Packets?

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
  • No tags were found...
sharkfest.wireshark.org

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

1Capture <strong>Limitations</strong> <strong>of</strong> a <strong>Laptop</strong>Chris Greer – Network AnalystPacket Pioneer

Presenter• Chris Greer– Packet Pioneer LLC (2010)– Focused on Network and Application PerformanceAnalysis– Pre-deployment Network Assessments– Deliver training on Wireshark, Fluke Networks, othervendors.2

Agenda• Why do I care?• At what point does thelaptop start droppingtraffic?• How can I tell in a tracefile?• Optimizing Wireshark• Considering a hardwarebased capture device• <strong>Laptop</strong> shootout• Lab 1: <strong>Laptop</strong> shootout –default settings <strong>of</strong>Wireshark• Lab 2: dumpcap or tsharkresults• Lab 3: OptimizedWireshark capture3

5Why do I care?

Wireshark Downloads• Estimated at 500,000 per month – Wireshark NetworkAnalysis Study Guide• How many <strong>of</strong> these downloads are to laptops?• How many <strong>of</strong> these users leave the optimizationsettings at the default rate?• Very likely – MOST!6

<strong>Laptop</strong>s have a purpose• Email, Web, Work Applications, Music Players,etc…• Make their owners mostly happy• Network Analysis is not the purpose <strong>of</strong> most laptops7

Is 1Gig really capturing at 1Gig?• A laptop likely has a 1Gig interface. <strong>Does</strong> that meanthat it can capture traffic at that rate?• Most <strong>of</strong> us agree – no.• So, when does it start dropping packets?• At what utilization point do we really need toconsider a hardware-based appliance?1001101001010010101011001001000111010 8

Lab 1 – Capture limitation on default settingsAggrega=on Switch This is not emulated traffic – it is an easily configurable packet generator. 9

How about command line?• Tshark, dumpcap? Similar result?• Lab 2 – Capturing with dumpcap10

What do dropped packets look like?• Expert Info:– Previous Segment Lost– ACKed Lost Packet– Out <strong>of</strong> Order• Dropped Counter11

Optimizing Wireshark• Don't use Update list <strong>of</strong> packets in real time in thecapture options dialog, to remove system load• Increase the Buffer size in the capture optionsdialog (set it to a reasonable value e.g. 10MB,depending on your systems memory size)• Don't use capture filters12

13Lab 3: Capturing with Optimized Wireshark

This doesn’t only affect laptops• Capture methods are affected too.• A SPAN or Mirror port can be overprovisioned• Especially when spanning a full VLAN or severalgigabit ports at one time14

15SPAN/Mirror Example

SPAN vs. Tap Results• Tap Capture Results• <strong>Packets</strong> captured: 133,126Delta Time at TCP Setup: 243uSec• SPAN Capture Results• <strong>Packets</strong> captured: 125,221Delta time <strong>of</strong> TCP connection setup: 221 uSec16

Hardware Based Capture• Designed to capture at full line rate up to 10Gbps• Stream to disk with no gaps or drops• TurboCap NIC from Riverbed• Cascade Appliance from Riverbed17

Questions?• Thanks for Attending!18

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!