Perforce Public Knowledge Base - How to Use Wireshark to Analyze Network Performance
Reset Search



How to Use Wireshark to Analyze Network Performance

« Go Back



How to use Wireshark to analyze slow network traffic to a Perforce server.

Note: Wireshark was formerly known as Ethereal.


Wireshark is a useful tool to determine the cause of slow network connections. The following steps show you how to configure Wireshark:

  1. Install Wireshark:

    On Windows, download Wireshark and install with the default selections, including WinPcap.

    On Linux, enter the commands:

    yum search wireshark
    yum install wireshark.x86_64k
    yum install wireshark-gnomek
    Note: Replace "wireshark.x86_64" with the build that corresponds to your Linux workstation platform.

  2. Configure the interface to be analyzed:

    1. Start Wireshark.
    2. Select the  "Capture | Interfaces" menu item.
    3. Choose the network interface exhibiting issues and click Start.

  3. To configure a filter with a focus on Perforce network traffic click the Expression item next to the Filter item.

  4. To capture P4V client access to a Perforce server on port 1666, configure the filter with these details:

    Field Name: TCP - Transmission Control Protocol expanded to tcp.dstport - Destination Port
    Relation: ==
    Value: 1666

    Note: If you are using another port for your Perforce server, use that value instead of 1666.

  5. Click the OK button.

  6. click Apply button.

  7. Start capture of network traffic:

    1. Select the  Capture | Stop menu item (if not already stopped).
    2. Select the Capture | Start menu item.
    3. Select Continue without Saving when prompted. 

    Note: The bottom pane will be empty.

  8. Launch the application you want to analyze (the P4V client, for example).

    Note: You can select the Capture | Restart menu item prior to testing the conditions of slower network performance.

  9. Select the  Capture | Stop menu item when you have completed reproducing the issue.

  10. To save the results, select the File | Save as... menu item to save the output as a .pcap file. This file can be sent to Perforce for analysis.

What to Look For in the Wireshark Output:

  • Correlate Wireshark to a P4V log:

    It is useful to correlate the P4V log with Wireshark.  Use the P4V log as a summary of activity to list the order of commands run, then find the command in Wireshark and look at the networking details.  To turn on P4V logging:

    1. Open the P4V preferences.
    2. Select the Logging heading.
    3. Select (check) the "Show p4 reporting commands" option.
    4. Select (check) the "Show p4 command output" option.
    5. Select (check) "Enable logging to file".
    6. Click the "Select" button to save a log file to the location of your choice.
  • Unfiltered Wireshark output might show other network activity during the periods of slow network performance:

    Set View | Time Display Format | Seconds Since Previous Captured Packet to look for packets with long delays.  Although latency between packets does not always indicate a cause, it can narroe the focus to where delays are occurring.

    Check for network errors in red on black, or check for commands that are unnecessarily run repeatedly.

    Note: If all packets are displayed with Header checksum errors, the networking hardware is likely using "Checksum Offload". Those errors can be safely ignored.

  • Compare Wireshark output on a problem machine to a non-problem machine:

    It is helpful to compare Wireshark output on a machine that has fast network access against a similar machine that runs slowly while accessing the network.

    Look for output for particularly slow timing, such as when accessing a network drive.  See if delays are caused by other traffic such NBNS (NetBIOS), printer traffic or TCP traffic to other applications.

Useful Tips

  • Filter to a specific string:

    If you are looking for a specific string, change the filter option using the syntax:

    data contains string

    For example, to filter for access to file A.txt, modify the filter to:

    Filter: data contains A.txt

    To filter for commands such as p4 changes, modify the filter to:

    Filter:  data contains user-changes
  • Find a specific Perforce command:

  • This is usually needed to correlate your Wireshark trace with a P4V or Perforce server log.

    In Wireshark, select "Edit | Find Packet | String | Packet bytes".  Type in the search string, such as user-sync, to find when p4 sync was run while Wireshark was monitoring the network traffic.

    To do the same thing with the P4 command line client, compare the Wireshark output with the p4 command with the following global options:

    p4 -v rpc=5 -v net=5 command > filename  

    Note: All Perforce user commands are prefaced with "user-". For example, a p4 sync is user-sync, a p4 submit is user-submit, and so forth.

  • Add helpful columns to the Wireshark output:

    Right-click the header columns and set Column Preferences | Field type (dropdown) | Packet length to look at the size of packets.

  • Number each line of the Wireshark output:

  • Right-click the header columns and set Column Preferences | Field type (dropdown) | Number to consecutively number each packet. Drag columns left or right to put the column in your desired order.

  • Saving Wireshark output to a spreadsheet:

    Wireshark output can be exported to a .csv file using File | Export | File | Save as... and set the "type:" to  ".csv".

    The resulting file can be imported into a spreadsheet application to be sorted and searched.

Related Links



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255