Analysing traces for performance bottlenecks

Tim Eberhard xmin0s at
Tue Jul 15 10:35:51 UTC 2008

One potentially useful piece of software that is a work in progress is
called Pcapdiff. (

Written by Seth Schoen and Steven Lucy it's a pretty useful piece of
software. While still in a relative infant stage I think it could mature
into a very useful tool to troubleshoot network connectivity.

Pcapdiff was originally written to find out if your ISP was toying with you
P2P packets (comcast) and injecting resets. I have worked with the authors a
bit and found it highly useful to take two packet captures on my network and
use it to verify A) All packets sent are recieved B) They are in their
original state.

Again the features of pcapdiff are pretty limited but I love the idea of the
program and I really think it could grow into an excellent tool to analyze
packet captures with just a few additional features (a few listed below)

-Tim Eberhard

On Tue, Jul 15, 2008 at 5:05 AM, Sam Stickland <
sam_mailinglists at> wrote:

> Hi,
> Are there any packages (or Wireshark options that I've missed) that can
> follow a TCP stream and determine the limiting factor on throughput. E.g
> Latency, packet loss, out of sequence packets, window size, or even just the
> senders rate onto the wire. I know how to analyse a trace by hand for
> performance issues, but it's relatively time consuming.
> Googling for variations on "Analyse TCP stream limit throughput" didn't
> find anything.
> Sam

More information about the NANOG mailing list