Troubleshooting network latency

networking cisco

From your Wireshark capture, there are two obvious wrong things appearing:

  1. All of the IP packets you send have an invalid checksum of 0. This may be an artifact of how the OS captures the packets, so we'll ignore that for now...

  2. This is probably causing you a lot of grief: It appears your ISP is repsonding to some (but not all) of your requests with ICMP Time Exceeded responses, which has the effect of severing your connection. For instance, see your SYN packet in line 324 and your ISP's response from 97.75.190.142 in line 327. Since your packets have a TTL of 64 set in them, this strongly suggests your ISP has a routing loop somewhere in their network.

Send a copy of this pcap file to your ISP's network people. They should be able to figure out what in their network is broken.


I had problems with random slowdowns and dropped connections at my complex recently. The best way for me to prove to them there were issues using a low-level tool:

  1. Make sure you connect a wired connection directly to wall, leaving out any routers and other devices you can. If you can do this with multiple machines, better.
  2. Run a continuous ping and watch for large variance in response times or worse, timeouts (indicating packets being dropped).

ping -t -w 1000 google.com

  1. Take a screen shot or send them the output if there are breaks in the stream. You want to see low variance of a few ms difference in response times, and very few,if any, drops. Run this for a long time, more than a few minutes. Such as:

C:>ping -t -w 1000 google.com

Pinging google.com [74.125.140.102] with 32 bytes of data: Reply from 74.125.140.102: bytes=32 time=19ms TTL=48 Reply from 74.125.140.102: bytes=32 time=17ms TTL=48 Reply from 74.125.140.102: bytes=32 time=21ms TTL=48 Reply from 74.125.140.102: bytes=32 time=16ms TTL=48 Reply from 74.125.140.102: bytes=32 time=17ms TTL=48 Reply from 74.125.140.102: bytes=32 time=29ms TTL=48 Reply from 74.125.140.102: bytes=32 time=20ms TTL=48 Reply from 74.125.140.102: bytes=32 time=45ms TTL=48 Reply from 74.125.140.102: bytes=32 time=16ms TTL=48 Reply from 74.125.140.102: bytes=32 time=19ms TTL=48 Reply from 74.125.140.102: bytes=32 time=15ms TTL=48 Reply from 74.125.140.102: bytes=32 time=15ms TTL=48

  1. If you can show there is a problem, keep calling them. It may take awhile to get people to notice.

Hope that helps.


FYI - ping is the tool to check latency. This is processed in the data plane and is a true indication of lag for data packets. traceroute or tracert get processed in the control plane, and response times are not an indication of network latency, but can be impacted by high cpu utilization. traceroute and tracert should only be used to show path selection.

Related

Change the Windows Automatic Updates Schedule on Server Core
do SSH keys have to be unique to the service they are used for?
How to parse OpenFlow packets using tcpdump capture file programmatically
Apache2 conditional section based on port
Debugging sendmail - dsn=5.0.0
Error setting capabilities, capability management disabled;
Replacing hosts in puppet
Determine filterable attributes of returned Powershell object
Accessing the Computer Configuration node in Group Policy settings
installing non-hp RAM in hp proliant ml310e G8
Fedora19: YUM glibc is a duplicate of glibc
How to monitor per-port bandwidth using SNMP