Re: Wireshark trace file for load runner events

[Martin Visser <martinvisser99 () gmail com>]

The biggest problem with determining the differences is that all your
traffic is encrypted in SSL (HTTPS) so we can't see the actual transactions.

However by inference, the client is clearly operating differently.

The most obvious thing is the total amount of traffic (seen if you view the
Statistics:Summary) the number of packets and bytes is just about double on
the Loadrunner example. But I guess you already knew that

However the most telling thing can be seen from Statistics:Conversations and
TCP. The manual only had 2 HTTPS sessions established. Both seem non-trivial
(in terms of the volume of traffic). However for the loadrunner test there
are 13 HTTPS sessions. Some of the loadrunner driven sessions have very
little traffic, with only 1K or two going each direction.The  last two
established SSL sessions seem to match the volume of your manual test.

So there is a clear difference in how the two operate. What that is can only
be determined either through not using HTTPS (or decrypting the HTTPS) or
using suitable browser or server analysis tools (something like Firebug in
the former, and log or debug tracing on the server.


Regards, Martin

MartinVisser99 () gmail com


On Wed, Mar 3, 2010 at 11:40 PM, Mahendranath.N
<mahendranath_n () yahoo co in>wrote:

> Hi Martin,
>
> Please find the attched wiresharkl files captured during navgation of same
> flow manually & by load runner.
>
> manually we observed 161 entries and when we capture the same process by
> load runner we observed 369.
>
> We made sure there is no extra browser or extra software running n the
> system.
>
> Please find the attchment for both the files.  Info ont he extra entries
> during load runner capture will help us greatly.
>
> Regards,
> Mahendranath
>
> --- On *Tue, 3/2/10, Martin Visser <martinvisser99 () gmail com>* wrote:
>
>
> From: Martin Visser <martinvisser99 () gmail com>
> Subject: Re: [Wireshark-users] Wireshark trace file for load runner events
> To: "Community support list for Wireshark" <wireshark-users () wireshark org>
> Date: Tuesday, March 2, 2010, 8:32 AM
>
>
>  Mahendranath,
>
> You need to provide a little more info for us to help.
>
> I am sure that "*Ethernt 2, src : HewlettP_5c:80:39" *isn't all that
> appears the information on the packets you are seeing. The best guess is
> that "Ethernet 2" is the name of interface and that "HewlettP_5c:80:39" is
> simply the source MAC address of the packet (where the first 3 bytes of the
> actual MAC address xx:xx:xx get resolved to HewlettP")
>
> I think we would need to see a well-filtered sample of the packets from
> your manual and Loadrunner scenarios to be able to compare. (Loadrunner
> tries to "emulate" clients so it simply might be not be a perfect emulator)
>
> Regards, Martin
>
> MartinVisser99 () gmail com<http://us.mc86.mail.yahoo.com/mc/compose?to=MartinVisser99 () gmail com>
>
>
> On Mon, Mar 1, 2010 at 6:22 PM, Mahendranath.N <mahendranath_n () yahoo co 
> in<http://us.mc86.mail.yahoo.com/mc/compose?to=mahendranath_n () yahoo co in>
> > wrote:
>
> >   Hi ,
> >
> > I have a scenario and i observed around 160 wire shark calls for manual
> > navigation of that scenario,.The same scenario I am trying to capture by
> > using load runner with Wireshark enabled, but observed 240 calls.
> >
> > Can anyone clarify why there are extra calls for navigating the same
> > scenario by load runner.
> >
> > Each extra call has Etehernet syntax as below :
> >
> > *Ethernt 2, src : HewlettP_5c:80:39 *
> > **
> > It will be great if someone can clarify the above...* *
> > **
> > Regards,
> > Mahendranath
> >
> >
> >
> >
> >
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark 
> > org<http://us.mc86.mail.yahoo.com/mc/compose?to=wireshark-users () wireshark org>
> > >
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >             mailto:wireshark-users-request () wireshark 
> > org<http://us.mc86.mail.yahoo.com/mc/compose?to=wireshark-users-request () wireshark org>
> > ?subject=unsubscribe
>
>
> -----Inline Attachment Follows-----
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark 
> org<http://us.mc86.mail.yahoo.com/mc/compose?to=wireshark-users () wireshark org>
> >
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark 
> org<http://us.mc86.mail.yahoo.com/mc/compose?to=wireshark-users-request () wireshark org>
> ?subject=unsubscribe
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe