How to measure network performance metrics via passive traffic analysis?

Network performance metrics

Whichever tool you use, it is important to understand the fundamentals of how network performance metrics (such as latency, packet loss, or throughput) can be calculated. This calculation can be performed manually with Wireshark or any other packet analyzer or automated with the network performance management (NPM) solution of your choice.

The major part of applications is running on TCP protocols. TCP offers a certain number of mechanisms that can be used to evaluate network performance.

The following diagram explains the successive steps taken in a TCP session (characterized by the presence of flags in a single session) and the time intervals which correspond to different key network performance metrics:

1. Network Latency Indicators

Connection Time

This metric corresponds to the time interval between the SYN and the ACK in the initial TCP session setup: a 3-way handshake composed of SYN, SYNACK and ACK packets.

The connection time is a good indicator of the network latency as these packets are handled in priority by the system and by server clients. The impact of these system should normally be negligible.

Round Trip Time

The acknowledgment mechanism can also help measure the round trip network latency from your point of capture (which can be located on the client side, in the middle or on the server side) to either the client or the server. The round trip time is measured as the time interval between a packet containing payload and its corresponding acknowledgment packet.

The round trip time is a good indicator of round trip network latency.

Some side-effects may have a marginal impact on this metric: an overloaded system on one end can acknowledge packets slower and increase this time interval. Some systems do not acknowledge packets one by one or may delay the ACKs (see delayed acknowledgment for more details).

2. Packet Loss Indicators

How can you identify a packet which has not reached a destination? It will not show up in your trace file! Either you capture traffic on both end and compare packet per packet which ones may be missing or you rely on packet loss indicators like retransmissions. Retransmissions occur when a packet does not reach the other party and is not acknowledged or when the acknowledgment takes too much time to reach the initial sender. In both cases, the quality of the network transmission will be heavily impacted.

Retransmission rates

This metric corresponds to the number of retransmitted packets compared to the number of initial packets sent. This rate is clear indicator of packet loss.

Retransmission delay

This metric corresponds to the time interval between the initial packet sent and the first acknowledged retransmission.

It is representative of the time lost due to the retransmission/packet loss in the transfer of the data.

3. Throughput Indicators

Throughput

The throughput itself corresponds to the quantity of data sent back and forth. Counting the bytes sent from the client to the server and vice versa is enough to evaluate the throughput.

Data Transfer Time

This metric corresponds to the time required to transfer the request from the client to the server or the response from the server to the client. This value has a strong impact on the overall response time experienced by each user.

It depends on:

• The volume of data corresponding to the request and the response.
• The quality of the transmission
  • Latency
  • Packet loss / Retransmission rate
  • The ability of the systems to transfer and receive data. Any difficulties on this can be characterized by monitoring the presence of TCP errors like 0-Windows

4. Server Processing Time

Server Response Time

This metric corresponds the time interval between the last packet of the request and the first packet of the response.
It is representative of the server processing time for each TCP transaction.

(See our series of articles on TCP performance and analysis.)