Wireshark-users: Re: [Wireshark-users] Wireshark & monitoring in the enterprise environment
From: Martin Sustrik <sustrik@xxxxxxxxxx>
Date: Tue, 10 Feb 2009 12:34:28 +0100
mv652@xxxxxxxxxxxx wrote:
Hi Martin, To answer your questions (and again, note this only applies to high-frequency algo-type trading and microsecond/millisecond analysis)
"Sure, latency monitoring using Wireshark wouldn't do, however, AFAIU,
monitoring of the throughput - say with a window 1 sec long - may work, no?"
1 sec these days is the equivalent of 10 seconds polling a few years ago. If your polling rate is every 10 seconds or 30 seconds, what happens to peaks of traffic within those seconds? They are not reported. Similarly, with 1 sec polling, you don't see a spike that lasts 100 milliseconds or 100 microseconds. On a particular service we use, spikes at this time scale are told to go from ~6mbps to +110mbps.

This is interesting. What window sizes are you using actually? The obvious problem with too small a window size is that the peaks are artificially increased. With window size approaching 0, peak sizes approach infinity. My feeling was that a window size of several milliseconds is the most viable alternative, but maybe it isn't?

Martin
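
The window-size trade-off discussed in this thread, as an added example that is not part of either poster's message: it computes peak throughput over fixed windows of different lengths on a constructed one-second trace (6 Mbit/s baseline with a 100 ms burst at 110 Mbit/s, matching the figures quoted above). The function names and the trace are assumptions made for illustration.

```python
from collections import Counter

def build_trace():
    """Constructed 1 s trace as (timestamp_us, size_bytes) pairs.

    Baseline: one 750-byte packet every 1 ms (6 Mbit/s).
    Burst: from 500 ms to 600 ms, one 1375-byte packet every 100 us
    (110 Mbit/s) replaces the baseline traffic.
    """
    trace = []
    for t in range(0, 1_000_000, 1000):
        if not 500_000 <= t < 600_000:
            trace.append((t, 750))
    for t in range(500_000, 600_000, 100):
        trace.append((t, 1375))
    return sorted(trace)

def peak_rate_bps(trace, window_us):
    """Peak throughput in bit/s over fixed, non-overlapping windows."""
    per_window = Counter()
    for ts_us, size in trace:
        # Assign each packet to the window its timestamp falls into.
        per_window[ts_us // window_us] += size
    # Integer arithmetic: bytes -> bits, then scale the window to one second.
    return max(per_window.values()) * 8 * 1_000_000 // window_us

def sweep(trace, windows_us=(1_000_000, 100_000, 1000, 100, 10, 1)):
    """Peak rate for each window length, keyed by window length in us."""
    return {w: peak_rate_bps(trace, w) for w in windows_us}

if __name__ == "__main__":
    for w, bps in sweep(build_trace()).items():
        print(f"window {w:>9} us  peak {bps / 1e6:>10.1f} Mbit/s")
```

With a 1 s window the burst is averaged away; windows from 100 ms down to the 100 us packet spacing report the true burst rate; below that spacing a window holds a single packet and the reported peak grows as the window shrinks.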