Wireshark is a free network protocol analyser. It captures information about all network activity from your computer and can be used in diagnosing problems you may have with network performance, be it general or for a specific application. Wireshark can be downloaded from here. Choose the file appropriate to your computer's operating system. Note that a Windows portable version is also available, which can be installed on a USB key. Wireshark was written by an international group of networking experts, and is open source software. Plusnet cannot be held liable for issues that arise from the download or use of the software.
2. When To Use Wireshark
If you think that a particular application is transferring data slowly or performance is not what should be expected, Wireshark can help determine whether your data is being prioritised correctly.
Firstly, start Wireshark by double-clicking the application icon on your desktop:
Select Options from the Capture menu:
Select the relevant network interface from the drop-down at the top of the Options window. If you are using a router, this will be your network interface card (NIC). If you are using a USB modem, the interface is still likely to be listed as a network adapter; you should be able to identify it from its description.
At this stage you should also enter a descriptive name in the File: field. By default this is pointed at your desktop:
At this point, it is best to shut down any other applications that might be causing network traffic, such as IM clients, email clients and peer-to-peer applications. Failure to do this can make it difficult to interpret the captures.
Click Start to start capturing traffic:
Once the packet capture has begun, you can open the application or start the download whose priority you want to check. Important: you should only do this after the packet capture has started.
Here we're downloading a file over HTTP from mirror.ac.uk:
Packet captures can result in fairly large files if left running for long. You only need to capture about 10 seconds of traffic. After this time click Stop:
Now that the data is captured, you will need to store the results in a file. Select Save As from the File menu:
Save the file with a relevant filename ready to send to us. Please ensure you save the file as a Wireshark .pcap file and then compress it into a .zip file.
The following information shows you how to interpret the data that has been captured by Wireshark.
The screenshot below is a packet capture taken just before and during an HTTP download of a Linux ISO from mirror.ac.uk.
We need to locate a packet that has been sent from the download source to your computer. It is important that we capture traffic that is travelling in this direction (to the customer), as upstream traffic will not have been marked by the Ellacoyas.
Look at the line highlighted in green that shows a packet that has been sent from the IP address 220.127.116.11 to the IP address 192.168.1.2.
192.168.1.2 is a local IP address; 18.104.22.168 is the IP address for mirror.ac.uk as we can see from nslookup:
The originating server belongs to Astraweb, who provide binary Usenet access. 0x20 denotes traffic that has been marked for the Bronze traffic queue. Again, this is correct for the type of traffic that has been captured.
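To check the marking across a whole saved capture rather than one packet at a time, the following added example (not Plusnet's or Wireshark's own code) tallies the marking byte of every downstream packet per source address. It assumes the marking is the IPv4 Differentiated Services byte, the field where Wireshark shows a value such as 0x20, and that the file is a classic .pcap with Ethernet framing; the function names and the sample addresses 198.51.100.7 and 203.0.113.9 are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond timestamps

def ds_bytes_to_host(pcap: bytes, local_ip: str) -> Counter:
    """Count (source IP, DS byte) pairs for IPv4 packets addressed to local_ip."""
    # Assumption: marking is in the IPv4 DS (former ToS) byte; classic .pcap, Ethernet, no VLAN.
    endian = MAGICS.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic .pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    local = IPv4Address(local_ip).packed
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Skip truncated frames and anything that is not IPv4 over Ethernet.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        ip = frame[14:]
        if ip[16:20] == local:                      # downstream packets only
            counts[(str(IPv4Address(ip[12:16])), ip[1])] += 1
    return counts

def make_frame(src: str, dst: str, ds: int) -> bytes:
    """Constructed test frame: Ethernet header plus a bare 20-byte IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, ds, 20, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip

def build_sample() -> bytes:
    """Constructed capture: three downstream packets and one upstream packet."""
    frames = [make_frame("198.51.100.7", "192.168.1.2", 0x20),
              make_frame("198.51.100.7", "192.168.1.2", 0x20),
              make_frame("203.0.113.9", "192.168.1.2", 0x00),
              make_frame("192.168.1.2", "198.51.100.7", 0x00)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (src, ds), n in ds_bytes_to_host(build_sample(), "192.168.1.2").items():
        print(f"{src} -> 192.168.1.2  DS byte 0x{ds:02x}  packets: {n}")
```

To use it on a real capture, pass the bytes of the saved .pcap file and your computer's local IP address in place of the constructed sample.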
If you find that your traffic has been incorrectly prioritised you can supply us with the captured data so we can get this looked into. Please contact our support team who will advise you of how to provide this capture to us.