Revision history [back]
.png "cal_turney")
OneDrive uses TCP ports 80 (HTTP) and 443 (HTTPS). The latter provides security by encrypting the data thus HTTPS captures are useless without the encryption key. Wireshark is able to decrypt data with the key.
While capture filters are very limited, they can at least filter an IP address and port. For client-side captures there is usually no need to configure a capture filter; however, they can be helpful in server-side captures in reducing or eliminating frames missing from the capture file due to excessive volume. The PC will receive all of the frames transmitted and received on the server's network interface and must be placed in the PC's input buffer before Wireshark can filter it. The PC stores the filtered data and disk latency is the most common cause missing frames because the rate at which data can be stored is usually far slower that the rate at which it can be buffered. If the PC is configured to encrypt data (e.g., due to company policy), latency is worse. Furthermore, we have seen frequent spikes in the incoming data rate cause as much as 99% data loss.
If the application issue is intermittent, Wireshark must be configured to store the packets received within a given time interval among a group of files in a round-robin fashion. A sufficient number of files must be specified for the person monitoring the issue to notice the failure and terminate the capture before any of the relevant capture files are overwritten. If it is not possible to reproduce the problem immediately or within a reasonable period, you may have to employ this method. If so and you need help, let us know.
OneDrive uses TCP ports 80 (HTTP) and 443 (HTTPS). The latter provides security by encrypting the data thus HTTPS captures are useless without the encryption key. Wireshark is able to decrypt data with the key.
While capture filters are very limited, they can at least filter an IP address and port. For client-side captures there is usually no need to configure a capture filter; however, they can be helpful in server-side captures in for reducing or eliminating frames missing from the capture file due to excessive volume. The PC will receive all of the frames transmitted and received on the server's network interface and must be placed in the PC's place it within its input buffer before Wireshark can filter it. The PC stores the filtered data and disk data. Disk latency is the most common cause of missing frames packets because the rate at which data can be stored is usually far much slower that the rate at which the PC can place it can be buffered. If the PC is configured to encrypt data (e.g., due to company policy), latency is worse. Furthermore, we have seen in its input buffers. Whenever incoming rate exceeds the storage rate, frames are discarded. The problem is exacerbated by frequent spikes in the incoming data rate cause as much as 99% data loss. data rate.
If the application issue is intermittent, Wireshark must be configured to store the packets received in given time period within a given time interval among in a group of files in a round-robin fashion. A sufficient number of files must be specified for the person monitoring the issue to notice the failure and terminate the capture before any of the relevant capture files are overwritten. If it is not possible to reproduce the problem immediately or within a reasonable period, you may have to employ this method. If so and you need help, let us know.know.