
Use jperf and Wireshark for troubleshooting network issues

Scott Reeves explains how to use jperf to simulate a TCP or UDP connection and then use Wireshark to analyze the traffic in order to help pinpoint network issues.

In a previous post on jperf, I wrote about using jperf to check network performance. In a later post, I mentioned using filters on Wireshark to analyze traffic. Combining jperf with Wireshark gives you (respectively) a tool to simulate network traffic and a tool to probe and capture what is taking place on the network whilst the simulation is running. This post gives a short example of how to use both tools.

First, a brief recap: jperf needs two computers, one to act as the server and one as the client. The server end can be set up as per Figure A.

Figure A


You can change the parameters once you've had a few run-throughs, but for the purpose of this example, we'll leave them as they are. In this case we want to check on TCP throughput. This simulates perhaps an FTP connection or an HTTP page load.

On the client laptop (which, in this case, was a Linux netbook) jperf ran for 10 seconds (the default). A Wireshark capture session was also started just prior to the jperf transmission. Figure B shows the jperf screen from the client side. In this case, the server IP address was 192.168.250.2. Figure C shows the actual capture.

Figure B

Figure C

Note that the TCP three-way handshake starts in line 29 of this capture. The relevant parts of the three-way handshake have been circled. After the connection is established, the data starts to flow from line 35. In this case, 1514-byte frames are being used. We can also see the source and the destination IP. Note that this connection is simulating a TCP connection, rather than a UDP connection.

A nice feature of Wireshark is that you can highlight a frame going to the server, then click on the Statistics menu, go down to TCP stream graph, and then throughput. This is shown in Figure D.

Figure D

This will produce a graph of the throughput, as shown in Figure E.

Figure E

The drawback is that you cannot save this graph, other than by taking a screenshot. However, there is another option. You can go into the Statistics menu and select IO Graph. See also Figure F.

Figure F

For this example we are only interested in TCP packets. We therefore apply a filter so that only TCP packets are graphed. The graph and the filter are shown in Figure G. This graph shows the number of TCP packets sent every 0.1 seconds.

Figure G

We can use this to provide an estimate of throughput. In this case, we can see that the throughput is relatively constant over the period of transmission. One word of warning: Wireshark was designed more with network troubleshooting in mind, so the graphing functions are designed more to assist in pinpointing a problem than in providing graphs for general use.
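The per-interval count behind that estimate can also be computed outside Wireshark, which gives numbers you can save. The following is an added example, not code from the original post: it bins TCP frames from a capture file into 0.1-second ticks and converts each tick to bits per second. It assumes a classic pcap file (not pcapng) with untagged Ethernet and IPv4 frames; `tcp_io_graph` and `sample_capture` are hypothetical names, and the sample capture is constructed.

```python
import struct
from collections import Counter

def tcp_io_graph(pcap: bytes, tick: float = 0.1) -> dict:
    """Map tick index -> (TCP packets, bits, bits/s), like an IO Graph filtered on tcp."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    tick_us = round(tick * 1_000_000)
    packets, bits = Counter(), Counter()
    offset, first_us = 24, None
    while offset + 16 <= len(pcap):
        sec, usec, caplen, origlen = struct.unpack(endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        now_us = sec * 1_000_000 + usec
        if first_us is None:
            first_us = now_us  # ticks are counted from the first captured frame
        # EtherType 0x0800 is IPv4; byte 23 is the IPv4 protocol field (6 = TCP)
        if len(frame) >= 24 and frame[12:14] == b"\x08\x00" and frame[23] == 6:
            idx = (now_us - first_us) // tick_us
            packets[idx] += 1
            bits[idx] += origlen * 8  # on-the-wire length, not the captured length
    return {i: (packets[i], bits[i], bits[i] * 1_000_000 // tick_us) for i in sorted(packets)}

def sample_capture() -> bytes:
    """Constructed capture: five TCP frames and one UDP frame over 0.2 s."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rows = [(0, 6, 74), (50_000, 6, 1514), (120_000, 6, 1514),
            (130_000, 17, 100), (199_999, 6, 1514), (200_000, 6, 66)]
    for usec, proto, size in rows:  # (offset in microseconds, IP protocol, frame bytes)
        frame = bytearray(size)
        frame[12:14] = b"\x08\x00"
        frame[14], frame[23] = 0x45, proto
        out += struct.pack("<IIII", 1_700_000_000, usec, size, size) + bytes(frame)
    return out

if __name__ == "__main__":
    for idx, (pkts, nbits, bps) in tcp_io_graph(sample_capture()).items():
        print(f"{idx * 0.1:.1f}s  {pkts} TCP packets  {nbits} bits  {bps} bit/s")
```

A flat bits-per-second column across ticks corresponds to the relatively constant throughput seen in the graph; a tick with a sharp drop is the place to start looking in the frame list.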

This post has looked briefly at a combination of jperf and Wireshark. Jperf can be used to simulate a TCP connection (such as FTP) or a UDP connection (such as VoIP). Wireshark can be used to check on the frames that are being sent over the network by the simulation.

About

Scott Reeves has worked for Hewlett Packard on HP-UX servers and SANs, and has worked in similar areas in the past at IBM. Currently he works as an independent IT consultant, specializing in Wi-Fi networks and SANs.

4 comments
bill.friday

Hi Scott, The article was nicely done. Just wanted to point out that I was able to get fairly accurate bits/second I/O Graphs from wireshark (assuming you have enough data in the capture). The trick is to set the "Tick Interval:1 Sec" and the "Unit: Bits/Tick". The numbers are typically better than 5 minute MRTG data.

pmcdonagh

Thanks Scott, That combination would be perfect for teaching networking/OSI to my students. I have used wireshark in the past but combining it with jperf to simulate specific traffic will be great!

snichor

Hi Bill, thanks for the feedback. You are quite correct in pointing out the bits/second graph; it is a nice feature of wireshark.

snichor

Thanks for the feedback, pmcdonagh.
