Perforce Public Knowledge Base - How to Use Wireshark to Analyze Network Performance
Downloads Blog Company Integrations Careers Contact Try Free
Menu Search
Reset Search



How to Use Wireshark to Analyze Network Performance

« Go Back



How to use Wireshark to analyze slow network traffic to a Perforce server.

Note: Wireshark was formerly known as Ethereal.


Wireshark is a useful tool to determine the cause of slow network connections. The following steps show you how to configure Wireshark:

  1. Install Wireshark:

    On Windows, download Wireshark and install with the default selections, including WinPcap.

    On Linux, enter the commands:

    yum search wireshark
    yum install wireshark.x86_64k
    yum install wireshark-gnome

    Note: Replace "wireshark.x86_64" with the build that corresponds to your Linux workstation platform.

  2. If the Protocol field lists "UNKNOWN", select Analyze->Enabled Protocols->Enable All

  3. Configure the interface to be analyzed:

    To configure a filter with a focus on Perforce network traffic click the Expression item next to the Filter item.

    1. Start Wireshark.
    2. Select the "Capture | Interfaces" menu item.
    3. Choose the network interface exhibiting issues and click Start.
  4. On Windows, use Capture|Refresh Interfaces|(select interface)|Start:

    To capture P4V client access to a Perforce server on port 1666, configure the filter.


    1. Capture | Capture Filters | New (or + sign).
    2. Filtername: + sign (type in a name to replace "New capture filter").
    3. Filter: tcp port 1666.
    4. OK.
    5. Analyze | Display Filters|+ Name (type name)|Filter ip.addr=
    6. OK.
    7. Capture | Stop.
    8. When ready, Capture | Start.
    9. Choose Continue without Saving.
  5. Launch the application you want to analyze (the P4V client, for example).

    Note: You can select the Capture | Restart menu item prior to testing the conditions of slower network performance.

  6. Select the Capture | Stop menu item when you have completed reproducing the issue.

  7. To save the results, select the File | Save as... menu item to save the output as a .pcap file for analysis. Search the output as described below.

What to Look For in the Wireshark Output

  • Correlate Wireshark to a P4V log:

    It is useful to correlate the P4V log with Wireshark. Use the P4V log as a summary of activity to list the order of commands run, then find the command in Wireshark and look at the networking details. It is easiest when both the server and the client have the same time.

    To turn on P4V logging:

    1. Open the P4V preferences.
    2. Select the Logging heading.
    3. Select (check) the "Show p4 reporting commands" option.
    4. Select (check) the "Show p4 command output" option.
    5. Select (check) "Enable logging to file".
    6. Click the "Select" button to save a log file to the location of your choice.
  • Unfiltered Wireshark output might show other network activity during the periods of slow network performance:

    Set View | Time Display Format | Seconds Since Previous Captured Packet to look for packets with long delays. Although latency between packets does not always indicate a cause, it can narroe the focus to where delays are occurring.

    Check for network errors in red on black, or check for commands that are unnecessarily run repeatedly.

    Note: If all packets are displayed with Header checksum errors, the networking hardware is likely using "Checksum Offload". Those errors can be safely ignored.

  • Compare Wireshark output on a problem machine to a non-problem machine:

    It is helpful to compare Wireshark output on a machine that has fast network access against a similar machine that runs slowly while accessing the network.

    Note: Look for output for particularly slow timing, such as when accessing a network drive. See if delays are caused by other traffic such NBNS (NetBIOS), printer traffic or TCP traffic to other applications.

Useful Tips

This is usually needed to correlate your Wireshark trace with a P4V or Perforce server log.

In Wireshark, select "Edit | Find Packet | String | Packet bytes". Type in the search string, such as user-sync, to find when p4 sync was run while Wireshark was monitoring the network traffic.

To do the same thing with the P4 command line client, compare the Wireshark output with the p4 command with the following global options:

p4 -v rpc=5 -v net=5 command > filename  

Note: All Perforce user commands are prefaced with "user-". For example, a p4 sync is user-sync, a p4 submit is user-submit, and so forth.

Legacy Wireshark Filters

Right-click the header columns and set Column Preferences | Field type (dropdown) | Number to consecutively number each packet. Drag columns left or right to put the column in your desired order.

  • Filter to a specific string:

    If you are looking for a specific string, change the filter option using the syntax:

    data contains string

    For example, to filter for access to file A.txt, modify the filter to:

    Filter: data contains A.txt

    To filter for commands such as p4 changes, modify the filter to:

    Filter:  data contains user-changes
  • Find a specific Perforce command:

  • Add helpful columns to the Wireshark output:

    Right-click the header columns and set Column Preferences | Field type (dropdown) | Packet length to look at the size of packets.

  • Number each line of the Wireshark output:

  • Saving Wireshark output to a spreadsheet:

    Wireshark output can be exported to a .csv file using File | Export | File | Save as... and set the "type:" to ".csv".

    The resulting file can be imported into a spreadsheet application to be sorted and searched.

Related Links



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255