Analysing traces for performance bottlenecks


Are there any packages (or Wireshark options that I've missed) that can follow a TCP stream and determine the limiting factor on throughput. E.g Latency, packet loss, out of sequence packets, window size, or even just the senders rate onto the wire. I know how to analyse a trace by hand for performance issues, but it's relatively time consuming.

Googling for variations on "Analyse TCP stream limit throughput" didn't find anything.


One potentially useful piece of software that is a work in progress is
called Pcapdiff. (

Written by Seth Schoen and Steven Lucy it's a pretty useful piece of
software. While still in a relative infant stage I think it could mature
into a very useful tool to troubleshoot network connectivity.

Pcapdiff was originally written to find out if your ISP was toying with you
P2P packets (comcast) and injecting resets. I have worked with the authors a
bit and found it highly useful to take two packet captures on my network and
use it to verify A) All packets sent are recieved B) They are in their
original state.

Again the features of pcapdiff are pretty limited but I love the idea of the
program and I really think it could grow into an excellent tool to analyze
packet captures with just a few additional features (a few listed below)

-Tim Eberhard

A bit more googling has found the Web100 projects NDT ( I'm currently making a Linux VM that can run it. It's useful, but I'm still really after something that can do it's type of analysis from a packet capture.


Sam Stickland wrote: