Analyzing TCP dumps using TRANSUM Protocol via Wireshark

Lakmini Wathsala
Dec 20, 2022


In this blog post, I will guide you through analyzing TCP dumps with the TRANSUM protocol dissector in Wireshark. This is very useful when you analyze latency/delay in request/response flows.

I assume you have already captured a TCP dump for the analysis.

👉 Step 1: Open the TCP dump in Wireshark (File → Open → select the relevant TCP dump).

👉 Step 2: Enable the TRANSUM protocol.

Navigate to Analyze → Enabled Protocols → Search for “TRANSUM”. Tick the TRANSUM Protocol and click OK.

👉 Step 3: A TRANSUM RTE DATA field is added to the packet details.

To view this field, select a row of the TCP dump that belongs to the TDS protocol (e.g. an RPC call) or carries some Application Data.

👉 Step 4: Add the relevant sub-fields as columns.

Right-click on a sub-field and click ‘Apply as Column’.

After adding a few TRANSUM RTE columns:

👉 Step 5 (Optional): Add a profile with the TRANSUM protocol enabled.

In the bottom right corner of the Wireshark UI there is a profile indicator. Right-click on it and select ‘New’ to create a new profile containing the above changes. Change the name of the profile and click OK. This way we can simply select the newly created profile whenever we need the TRANSUM protocol for our analysis.

So we are done with enabling the TRANSUM protocol. 🌻 🌻 🌻

Let me guide you a bit on how we can use this in our analysis.

TRANSUM provides a breakdown of the overall response time of a service, so that slow responses from components such as web, application, and database services can be identified by detailing the response times of the network and service elements. The main objective of TRANSUM is to allow the cause of slow response times to be identified quickly.
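The same workflow as Steps 1–4 can be run from the command line with tshark (Wireshark's CLI), which is handy for large dumps. The following is an added example and not code from the original post: the tshark command enables the TRANSUM dissector and prints its sub-fields as tab-separated text, and the Python below parses that output, lists the slowest APDUs, and attributes each one to the service or to the network. The capture name `dump.pcapng`, the 0.5 s threshold, the sample output and the `classify` heuristic are my own assumptions; the TRANSUM field names are those I know from Wireshark's TRANSUM dissector, so confirm them in your version's field list if a column comes out empty.

```python
"""Added example: TRANSUM analysis from the command line (not from the post).

Assumptions:
  - tshark is installed and the capture is dump.pcapng (placeholder name).
  - Field names (transum.art, transum.st, transum.reqspread, transum.rspspread)
    come from Wireshark's TRANSUM dissector; verify them in your version.
"""
from dataclasses import dataclass

# tshark equivalent of Steps 1-4: enable the TRANSUM dissector, keep only frames
# that carry RTE data, and print the chosen fields as tab-separated text.
TSHARK_CMD = (
    "tshark -r dump.pcapng --enable-protocol transum -Y transum "
    "-T fields -E header=y -E separator=/t "
    "-e frame.number -e tcp.stream -e transum.art -e transum.st "
    "-e transum.reqspread -e transum.rspspread"
)


@dataclass
class Rte:
    frame: int
    stream: int
    art: float        # APDU Response Time
    st: float         # Service Time
    reqspread: float  # time to deliver all request segments
    rspspread: float  # time to deliver all response segments


def parse_tshark_fields(text: str) -> list[Rte]:
    """Parse the TSV produced by TSHARK_CMD (first line is the header)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    rows = []
    for line in lines[1:]:
        rec = dict(zip(header, line.split("\t")))
        rows.append(Rte(
            frame=int(rec["frame.number"]),
            stream=int(rec["tcp.stream"]),
            art=float(rec["transum.art"]),
            st=float(rec["transum.st"]),
            reqspread=float(rec["transum.reqspread"]),
            rspspread=float(rec["transum.rspspread"]),
        ))
    return rows


def classify(rte: Rte) -> str:
    """Heuristic (my own): if the server-side gap (Service Time) is at least as
    large as the time the bytes spent crossing the network (both spreads), the
    slowness is service-bound; otherwise it is network-bound."""
    network = rte.reqspread + rte.rspspread
    return "service" if rte.st >= network else "network"


def slowest(rows: list[Rte], threshold: float) -> list[tuple]:
    """(frame, stream, art, cause) for APDUs slower than threshold, slowest first."""
    hits = sorted((r for r in rows if r.art > threshold), key=lambda r: r.art, reverse=True)
    return [(r.frame, r.stream, r.art, classify(r)) for r in hits]


# Constructed sample of TSHARK_CMD output (seconds); not from a real capture.
SAMPLE = """frame.number\ttcp.stream\ttransum.art\ttransum.st\ttransum.reqspread\ttransum.rspspread
12\t0\t0.004100\t0.003900\t0.000100\t0.000100
57\t0\t1.250300\t1.248000\t0.000800\t0.001500
131\t3\t0.842000\t0.010000\t0.412000\t0.420000
"""

if __name__ == "__main__":
    print("run:", TSHARK_CMD)
    for frame, stream, art, cause in slowest(parse_tshark_fields(SAMPLE), 0.5):
        print(f"frame {frame} stream {stream}: ART={art:.3f}s, likely {cause}-bound")
```

In the constructed sample, frame 57 is slow because the service took 1.248 s to start answering, while frame 131 is slow because request and response segments spent most of the 0.842 s on the wire; that split is exactly what the TRANSUM columns are meant to expose.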

Application messages flow between the client and the service; they are called Application Protocol Data Units, or APDUs. There are two types of APDU:

  • Request APDU flows from client to service
  • Response APDU flows from service to client

Please refer to the following diagram to understand how the response times are measured.

APDU Response Time
The time from sending the first Request packet to receiving the last Response packet.

Service Time
The time between receiving the last Request packet and sending the first Response packet; this is taken to be the time the service needed to complete its processing.

Spread Time
The time taken to transfer the multiple request packets and the multiple response packets across the network.

This model is accurate within the following limitations:

  • The APDUs within a stream follow a request-response-request-response pattern (flip-flop mode of operation)
  • There is no additional level of multiplexing running on top of TCP
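To make the three measures and the flip-flop limitation concrete, here is an added example (my own code, not from the post or from Wireshark) that applies the definitions above to a constructed list of TCP segment timestamps and directions. The `Segment`/`Timing` names and the sample timings are assumptions; the checks in `apdu_timing` reject exactly the interleaved pattern the model cannot describe.

```python
"""Added example: compute the TRANSUM measures from raw segment timings.

Not from the original post. Applies the definitions (APDU Response Time,
Service Time, request/response spread) to a constructed flip-flop stream.
"""
from dataclasses import dataclass


@dataclass
class Segment:
    ts: float        # capture timestamp in seconds
    direction: str   # "req" (client -> service) or "rsp" (service -> client)


@dataclass
class Timing:
    art: float         # APDU Response Time: first req -> last rsp
    st: float          # Service Time: last req -> first rsp
    req_spread: float  # first req -> last req
    rsp_spread: float  # first rsp -> last rsp


def apdu_timing(segments: list[Segment]) -> Timing:
    """TRANSUM breakdown for one Request/Response APDU pair."""
    segs = sorted(segments, key=lambda s: s.ts)
    dirs = [s.direction for s in segs]
    n_req, n_rsp = dirs.count("req"), dirs.count("rsp")
    if n_req == 0 or n_rsp == 0:
        raise ValueError("need at least one request and one response segment")
    # Flip-flop precondition: every request segment precedes every response
    # segment. Interleaving means pipelining/multiplexing, which the model
    # does not cover.
    if dirs != ["req"] * n_req + ["rsp"] * n_rsp:
        raise ValueError("not flip-flop: request and response segments interleave")
    req = [s.ts for s in segs if s.direction == "req"]
    rsp = [s.ts for s in segs if s.direction == "rsp"]
    return Timing(
        art=rsp[-1] - req[0],
        st=rsp[0] - req[-1],
        req_spread=req[-1] - req[0],
        rsp_spread=rsp[-1] - rsp[0],
    )


def split_exchanges(segments: list[Segment]) -> list[list[Segment]]:
    """Cut a flip-flop stream into APDU pairs: a new pair starts whenever a
    request segment follows a response segment."""
    exchanges, current, prev = [], [], None
    for s in sorted(segments, key=lambda x: x.ts):
        if prev == "rsp" and s.direction == "req":
            exchanges.append(current)
            current = []
        current.append(s)
        prev = s.direction
    if current:
        exchanges.append(current)
    return exchanges


# Constructed stream (seconds): a two-segment request answered by three
# response segments, then a second, quick exchange.
STREAM = [
    Segment(0.000, "req"), Segment(0.002, "req"),
    Segment(0.500, "rsp"), Segment(0.503, "rsp"), Segment(0.505, "rsp"),
    Segment(1.000, "req"), Segment(1.001, "rsp"),
]

if __name__ == "__main__":
    for i, ex in enumerate(split_exchanges(STREAM), 1):
        t = apdu_timing(ex)
        print(f"APDU {i}: ART={t.art:.3f}s ST={t.st:.3f}s "
              f"req_spread={t.req_spread:.3f}s rsp_spread={t.rsp_spread:.3f}s")
```

Note that ART always equals req_spread + ST + rsp_spread, which is why the columns added in Step 4 let you see at a glance whether the server (Service Time) or the network (the spreads) dominates a slow response.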

I hope this blog post is useful for analyzing TCP dumps! 🎄 🎄 🎄 Merry Christmas 🎄🎄🎄

