Printable View
Hi all,
I hav been trying to learn to interpret the network traffic. I have been taking traces with some sniffers including ethereal. I am looking for some related info. e.g
1. How many TCP retransmitts are normal on a network.
2. How much delay between the packets is acceptable.
3. Are there any common errors/problems which could be kept in mind?
4. How much response time in ping is acceptable.
Any related links/info. will be apreciated!
Thnaks in advance!
None. A retransmit means the packet got lost 'on route' which can mean routing problems and/or hosts down and/or firewalls.Quote:
Originally posted here by doiexist
Hi all,
I hav been trying to learn to interpret the network traffic. I have been taking traces with some sniffers including ethereal. I am looking for some related info. e.g
1. How many TCP retransmitts are normal on a network.
This depends on your network layout. The more switches/routers the packet has to travel through the bigger the delay. There's also a difference in latency on ethernet and i.e. ATM.Quote:
2. How much delay between the packets is acceptable.
Badly configured speed/duplex settings on the host and/or switch. Incorrect routing. IP address conflicts, bad subnetmasks etc. Just like Murphy said: "Anything that can go wrong, will go wrong" (at the worst possible moment I might add ;) ).Quote:
3. Are there any common errors/problems which could be kept in mind?
This is directly related to point 2.Quote:
4. How much response time in ping is acceptable.
Thanks, But I was not looking for the reason's/definations..... BUT the aceeptable/non acceptable limits and how to actually calculate them for some particular network. What metrics to keep in mind..? like response time in miliseconds...how to calculate the normal response time for a network? I understand why a retransmit would occur but I think some retransmitts are normal for any network ...right ?.. so how many retransmits should alarm us...?
thanks!
if your network is working correctly, and isnt having a lot of collisions, retransmits shouldnt happen. how about giving us some details... do you have hubs or switches? how big is the network? etc
switches should pretty much take care of collisions... but if you are on "dumb" hubs youll prolly see a lot of collisions if the net is busy... then you will get a lot of retransmits.
routers and switches arent perfect,...
There really is no standard way to alarm on network performance. You really have to take a lot of different captures at different times, while also recording the user experience on the network. As every different network performs differently, using a standard profile to alarm will not always work.
That is really the reason I prefer to use MS Netmon. There are some automatic analyzing tools included in netmon that will help you set baselines, or look for trouble spots on the network.