Here I have prepared two videos with the text "Create the "Golden Graph", "Find TCP Problems Fast ..." in Wireshark (Correlate Low Bandwidth with TCP Errors)". I want to find out what the author considers "TCP Errors". It turns out they can be copied from "Coloring Rules" ... Include both the regular TCP traffic and the filtered traffic in the final graph ... and use a logarithmic scale, as in the picture from video 1...
And from the second video we try to understand what this filter is: tcp.analysis.flags && !tcp.analysis.window_update
In []:
tcp.analysis.flags && !tcp.analysis.window_update
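The graph described above, as an added Python sketch that is not from the videos or the original notebook: it buckets packets per interval, draws all traffic and "Bad TCP" traffic on a logarithmic scale, and lists the intervals where a throughput drop coincides with Bad TCP packets. The function names, the `drop_ratio` threshold and the sample data are assumptions made for illustration; each record's flag is assumed to mean that the packet matches the filter above.

```python
import math
from collections import Counter

def golden_graph(packets, interval=1.0):
    """Bucket (timestamp, is_bad_tcp) records into (start, all_pkts, bad_pkts) rows.

    is_bad_tcp is assumed to mean "matches tcp.analysis.flags &&
    !tcp.analysis.window_update"; intervals with no packets are kept as zeros.
    """
    total, bad = Counter(), Counter()
    for ts, is_bad in packets:
        bucket = int(ts // interval)
        total[bucket] += 1
        bad[bucket] += bool(is_bad)
    if not total:
        return []
    return [(b * interval, total[b], bad[b])
            for b in range(min(total), max(total) + 1)]

def log_bar(count, chars_per_decade=8):
    """Bar length on a logarithmic axis: 0 for no packets, at least 1 otherwise."""
    return 0 if count <= 0 else 1 + int(math.log10(count) * chars_per_decade)

def correlated_drops(rows, drop_ratio=0.5):
    """Intervals whose packet rate is under drop_ratio * median while Bad TCP > 0."""
    if not rows:
        return []
    rates = sorted(all_pkts for _, all_pkts, _ in rows)
    median = rates[len(rates) // 2]
    return [start for start, all_pkts, bad in rows
            if all_pkts < drop_ratio * median and bad > 0]

def sample_packets():
    """Constructed data: (all packets, Bad TCP packets) for six one-second intervals."""
    per_second = [(1000, 0), (1000, 2), (100, 30), (1000, 0), (50, 20), (1000, 1)]
    return [(sec + i / n, i < n_bad)
            for sec, (n, n_bad) in enumerate(per_second) for i in range(n)]

if __name__ == "__main__":
    rows = golden_graph(sample_packets())
    for start, all_pkts, bad in rows:
        print(f"{start:4.0f}s all {'#' * log_bar(all_pkts):<26} bad {'*' * log_bar(bad)}")
    print("throughput drops with Bad TCP:", correlated_drops(rows))
```

On a linear axis the one or two Bad TCP packets in seconds 1 and 5 would be invisible next to 1000 packets; the logarithmic bar keeps them at least one character wide.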
Wireshark Network Analysis The Official Wireshark Certified Network Analyst Study Guide Author: Laura Chappell, Founder of Wireshark University Foreword: Gerald Combs, Creator of Wireshark
Wireshark Network Analysis (2nd Ed.) - 2010kaiser
In [2]:
from IPython.display import Image
Image(filename='C:\\Users\\kiss\\Pictures\\pythonR\\cp_1.png')
Out[2]:
You can watch the video and also go through the text carefully
In []:
0:07 now I use the Golden Graph to identify
0:11 network errors and correlate those network errors with drops in throughput
0:15 if I see a drop in throughput at the same time where I see various TCP errors
0:21 then I get the general idea that I'm troubleshooting a network problem and
0:24 I'm looking for things like lost packets or a
0:26 a window 0 condition this is the
0:30 only time when I will make and save a display filter
0:34 in the old days with Wireshark I would make and save a bunch of display filters
0:38 but nowadays we use the filter expression area just much faster than
0:42 just pulling up filters in the filter area
0:45 the filter that we're going to create and save will be based on the bad TCP
0:50 coloring rule
0:51 so instead of typing it from scratch I'm going to open up the
0:54 coloring rules window and I'm going to take this bad TCP coloring rule string
1:04 and I'm going to save that as a separate display filter
1:07 to do that I'll just double click on the bad TCP coloring line
1:11 and I'm going to copy the entire string and we can see the content of the string
1:16 it's basically looking for all TCP analysis flag packets
1:20 but not window updates because we know those are good
1:24 so I'm going to copy that and then I'll close down
1:28 the coloring rules window now to create and save a new display filter
1:33 I can either click on this Filter button on left hand side of the display filter
1:37 toolbar
1:38 or we can click on the display filter icon on
1:42 the main toolbar so I'll click on the
1:45 display filter icon on the toolbar here
1:48 all of our display filters that are saved and I'm going to click new
1:52 they remember if you don't see your
1:55 new display filter on this list up above
1:58 it won't be saved you always have to click the New button to create a new
2:02 display filter
2:03 I'm gonna call this display filter they say to some pretty bad
2:07 TCP because based on the bad TCP coloring rule
2:10 and then I'm going to paste in that string that I just copied
2:14 and I'll click OK because I just created
2:20 Wireshark assumes that I want to apply it to the trace file
2:24 the trace file we're going to work in to create this
2:27 Golden Graph is called TR dash YouTube bad
2:32 dot P cap NG I will clear that
2:36 filter out because I don't want to be applied at this point I don't need it
2:39 now I'm ready to create the Golden Graph go up to statistics
2:45 and simply select IO Graph now we're sure
2:50 create a basic IO Graph and we can see
2:54 there's the throughput level all the traffic
2:58 in the trace file and in Graph
3:01 2 I want to place my bad TCP
3:05 filter so instead of typing in each time
3:09 or cutting and pasting it out of my coloring rules I've saved it as a filter
3:14 and I can access it quickly now by just simply clicking the Filter button
3:17 clicking the Filter button
3:21 going into the bottom of the list and there's my bad TCP filter
3:25 housing okay now I click the Graph
3:30 2 button so that I can apply it to the graph
3:33 and this is a little trick when
3:37 very few TCP problems can affect
3:41 the traffic it might just completely be lost you
3:45 in the graph the reason is our packets per second rate which is what's being
3:49 graphed by default
3:50 is much higher than our bad TCP
3:54 per second rate and so you can't even see the bad TCP
3:58 packets because of that we're going to change the scale here
4:03 to logarithmic the move this down so that we can see this
4:07 when I do this in the y axis area
4:10 under scale and change the scale from auto
4:14 to logarithmic
4:17 now we can start to see that we have increases
4:21 in bad TCP at specific points
4:24 to make even more visible I'm going to change that Graph
4:27 2 line to FBar format
4:31 now it's very easy to see
4:34 and we can see that at the time where we have drops in throughput
4:37 we also have an increase in bad TCP
4:41 which tells me that these drops in throughput are most likely related to
4:45 TCP problems we can click on those bad TCP points in the trace file and we
4:50 could see what's going on in the background
4:52 it looks like at this point where I clicked we have a zero window condition
4:57 let's go over this point and it looks like we again have a zero window
5:00 condition
5:02 going back up towards beginning here again it looks like
5:05 all of these drops in throughput that we are experiencing
5:08 have to do with the zero window condition so I know that I'm going to be focusing
5:13 on the receiver of the data to see
5:17 why are you running out of buffer space things that I may wanna check is
5:21 are using window scaling in these in this connection
5:25 and if we aren't using window scaling can I enable window scaling
5:28 the server support it if so why is my client supporting a
5:32 in addition I may look at what other applications are running on that client
5:36 they're taking up all the processing power
5:38 or is the application the client is using just simply
5:42 stupid so that is the Golden Graph it really
5:46 paints a picture and helps me figure out
5:49 what I'm focusing on this does not appear to be a problem with
5:54 errors coming back from server this is a problem
5:57 dealing with TCP
Wireshark Tip 6: Find TCP Problems Fast with a "BadTCP" Button
Filter on tcp.analysis.flags && !tcp.analysis.window_update
Here
In []:
0:01 hi this is Laura Chappell and this is Wireshark Tip 6:
0:04 if you wanna stay up to date with the Wireshark tip series
0:07 you could follow me on twitter at Laura Chappell
0:11 this tip defines the following filter
0:15 on tcp dot analysis dot flags
0:18 ampersand ampersand exclamation point tcp dot analysis dot window
0:23 underscore update
0:24 and click Save to make it a button well that's kinda mouthful that tip
0:28 but basically what we're doing is we're taking the bad TCP coloring rules
0:33 string and we're filtering on that value to find
0:37 any TCP problems in the trace file we click the Save
0:42 to make it a button so that when we open up a trace file and we wonder if we have some
0:47 TCP problems we can
0:48 quickly just click a button to see if there are such problems
0:52 let me show you this in the demonstration I've opened up the trace
0:58 file called HTTP dash download dash
1:01 bad this is a trace file I really love because there are so many different
1:05 problems in it
1:06 this is the trace file you can download from Wireshark book
1:09 dot com it's one of the supplements from the Wireshark network analysis book
1:13 the big book I'm going to pull
1:17 the bad TCP coloring rule string and then place it
1:21 in this filter area and then I'm going to click this Save button over here
1:25 which will be available in just a moment
1:27 to make it a button so I can quickly click on that button when I open a trace
1:31 file
1:31 to see if there are TCP problems now of course another way to do this would be
1:35 simply go down to the Expert button in the bottom left hand corner and open
1:39 that up
1:39 but I also like to have a button so that I can quickly pull
1:43 all of that traffic into view I'll begin by opening
1:47 up the coloring rules and there's
1:52 the string that I want right here in the bad TCP coloring rule
1:56 I'm going to double click on it twice open it up
1:59 and I'm just going to copy that string and cancel these windows
2:05 out and paste that string
2:08 in the display filter area and then I'll
2:12 click the Save button Wireshark prompts me for the name for this button and I'm
2:18 going to call it bad
2:19 TCP with no space in there
2:22 say OK now I have a button up here for bad TCP
2:28 I'll clear the filter out and if I were to just open up a trace file and I'd like to see
2:33 any of the packets that match that filter I'll just click this button
2:37 and I can quickly see that I have packet loss in this trace file
2:41 and there's all the packet loss recovery process so it's an
2:49 easy and quick way to see
2:52 all of your TCP style errors
2:55 by just simply clicking a button if you'd like to follow along with
3:01 the Wireshark tip series you can follow me on twitter
3:05 at Laura Chappell for more information on Wireshark training or
3:10 additional Wireshark tips visit Chappell U dot com