Wireshark itself is a great tool (which I’ll probably talk about later). But a great tool (not to mention a great FREE tool) is not the same as a good that’s necessarily easy to use.
That’s not WireShark’s fault. Packet capture and analysis is by it’s nature not easy. Which is why I’m starting with the solution to that challenge before I dig into the Wireshark itself.
The Response Time Viewer for Wireshark is a free utility that takes a packet capture file from Wireshark, and parses it to show the timing of each application or protocol.
Now let me unwind that a bit.
By the time you get to the Response Time Viewer, you will have installed Wireshark on a box and captured some traffic. You save that capture session into a file.
Then you load the file into the Response Time Viewer. What this utility does is look (primarily) at two calculations – the time to first byte and the TCP/IP three-way handshake.
Time to first byte tells you how long it takes for an application server (like your database or web server or SalesForce.com) to respond with data after the a request has been made.
The 3-way handshake is a standard series of packets sent to measure the timing from one device to another.
What these two measurements tell you is whether a slow user experience is due to the network being slow (3-way handshake) or the application itself (time to first byte).
While this isn’t the only reaason you would use wireshark, it’s one of the more challenging measurements to do – especially if you are new to the tool. So having the Response Time Viewer can make the job of analyzing packet captures significantly less painful.
Nothing beats having the right tool for the job at hand. There are times in our work that we’re able to buy exactly what we need, and things go smoothly like they are supposed to. And then there’s the other 99% of the time.
Frugal Friday is a new feature I’m trying out where I feature a tool or utility which is 100% free. It may not do everything you need (heck, it may not do ANYTHING you need!) but for the price, you can’t beat it. As long as it’s not, you know, full of malware or anything. Click here to find more Frugal Friday Fun.