Troubleshooting Series: Identifying Network Latency

  • Article

I recently watched a webcast done by Laura Chappell on how to troubleshoot a slow network. She did an exceptional job in providing the essential information I needed in analyzing network captures for latency. Before I get ahead of myself, here are some key concepts and tools that you should familiarize yourself with:

 

The TCP Triple Handshake

Besides the fact that I get asked this question in every interview I have ever been to in the last 8 years, understanding how this works help you when troubleshooting network related issues such as Performance, Authorization and Page Not Found Errors. In a nutshell, the triple handshake consists of:

 

1. Syn – this is the initial packet that is sent from the client to the server

2. Syn Ack – this is initial packet that the server send back to the client confirming that is received the client’s request

3. Ack – this is the packet the client sends back to server confirming that it received the server’s packet and completes the handshake

 

 

High Latency is a MOSS killer

The network connection between the clients and the Front end Servers and the network connection between the Front End Servers and the SQL Server, Latency is the problem you need to find and remediate or mitigate for your MOSS Deployments. Kimmo Forss and Dino Dat-on have published a whitepaper on this topic and also gave some great presentations at TechReady 6 and the MS Sharepoint 2008 Conference on geo-dispersed environments and WAN optimization. It is definitely a must read!!!

 

Network Tools that I have used

Netmon

Wireshark

 

=====

 

Once you are ready to troubleshoot the network connection, follow the following steps to dig deeper into problem:

 

Wire latency:

1. On the client computer, open up netmon or wireshark and start a network capture

2. On the client computer, browse a MOSS page on the farm

3. Stop the network capture and open it up

4. If you see a big delay between the initial SYN (client) and SYN ACK (server), then it is wire latency

5. The next steps would be to investigate what is happening on the network as this may not be a MOSS, Client or Server issue.

 

Client latency:

1. On the MOSS Front End Server, open up netmon or wireshark and start a network capture

2. On the client computer, browse a MOSS page on the farm

3. Stop the network capture and open it up

4. If you see the initial SYN (client) , SYN ACK (server), and ACK (client) and then a long delay where the server is waiting for the client to send the next set of packets, then is it client latency

5. The next steps would be to investigate what is happening on the Client.

 

 

Server latency:

1. On the client computer, open up netmon or wireshark and start a network capture

2. On the client computer, browse a MOSS page on the farm

3. Stop the network capture and open it up

4. If you see the initial SYN (client) , SYN ACK (server), and ACK (client) and then a long delay where the client is waiting for the server to send the next set of packets, then is it server latency

5. The next steps would be to investigate what is happening on the Server