How to measure network performance through passive traffic analysis
The major part of applications is running on TCP protocols. TCP offers a certain number of mechanisms which can be used to evaluate network performance.
The following diagram explains the successive steps taken in a TCP session (characterized by the presence of flags in a single session) and the time intervals which correspond to different key performance metrics:
1. Network Latency Indicators
This metric corresponds to the time interval between the SYN and the ACK in the initial TCP session setup: a 3-way handshake composed of SYN, SYNACK and ACK packets.
The connection time is a good indicator of the network latency as these packets are handled in priority by the system and by server clients. The impact of these system should normally be negligible.
Round Trip Time
The acknowledgment mechanism can also help measure the round trip network latency from your point of capture (which can be located on the client side, in the middle or on the server side) to either the client or the server. The round trip time is measured as the time interval between a packet containing payload and its corresponding acknowledgment packet.
The round trip time is a good indicator of round trip network latency.
Some side-effects may have a marginal impact on this metric: an overloaded system on one end can acknowledge packets slower and increase this time interval. Some systems do not acknowledge packets one by one or may delay the ACKs (see delayed acknowledgment for more details).
2. Packet Loss Indicators
How can you identify a packet which has not reached a destination? It will not show up in your trace file! Either you capture traffic on both end and compare packet per packet which ones may be missing or you rely on packet loss indicators like retransmissions. Retransmissions occur when a packet does not reach the other party and is not acknowledged or when the acknowledgment takes too much time to reach the initial sender. In both cases, the quality of the network transmission will be heavily impacted.
This metric corresponds to the number of retransmitted packets compared to the number of initial packets sent. This rate is clear indicator of packet loss.
This metric corresponds to the time interval between the initial packet sent and the first acknowledged retransmission.
It is representative of the time lost due to the retransmission / packet loss in the transfer of the data.
3. Throughput Indicators
The throughput itself corresponds to the quantity of data sent back and forth. Counting the bytes sent from the client to the server and vice versa is enough to evaluate the throughput.
Data Transfer Time
This metric corresponds to the time required to transfer the request from the client to the server or the response from the server to the client. This value has a strong impact on the overall response time experienced by each user.
It depends on:
- The volume of data corresponding to the request and the response.
- The quality of the transmission
- Packet loss / Retransmission rate
- The ability of the systems to transfer and receive data. Any difficulties on this can be characterized by monitoring the presence of TCP errors like 0-Windows
4. Server Processing Time
Server Response Time
This metric corresponds the time interval between the last packet of the request and the first packet of the response.
It is representative of the server processing time for each TCP transaction.
We hope this short guide can help you concentrate on useful metrics to evaluate end user response times and network performance.
To learn how to troubleshoot network and application performance degradations in 4 easy steps, you can download our Performance Troubleshooting Guide: