In the last post, we discussed how to get a network trace using OneClick. In this post, we’ll see how you might use that data. The example I am going to use is a file server that is acting sluggish, and I’ll show you how two registry values might alleviate some of your issues. Don’t worry, we’re not going to start another chorus of “Get Rid of those .PST Files” – we’re going to assume that you’re in a .PST-free zone today! Let’s take the network capture that we got from our OneClick session. We are going to use Wireshark to do a two-minute analysis of our capture file.
Open up your .CAP file in Wireshark. Once the capture file is loaded, click on Statistics, then Protocol Hierarchy. This provides you with a breakdown of your network traffic by protocol. When investigating sluggish file server issues, one of the things we look for is whether there is a disproportionate amount of Server Message Block (SMB) traffic, that is, file and folder access traffic.
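The same breakdown is available from the command line with `tshark -q -z io,phs`. The script below is an added example, not part of the original post: it parses that report and computes the share of bytes attributed to SMB. It assumes `tshark` is on the PATH; the function names and the embedded sample report are constructed for illustration.

```python
import re
import subprocess
import sys

# One row of `tshark -q -z io,phs` output: indented protocol name, frame and byte counts.
ROW = re.compile(r"^(\s*)(\S+)\s+frames:(\d+)\s+bytes:(\d+)")

# Constructed sample in the layout tshark prints; not data from the article's capture.
SAMPLE = """\
===================================================================
Protocol Hierarchy Statistics
Filter:

eth                                      frames:1000 bytes:800000
  ip                                     frames:990 bytes:795000
    tcp                                  frames:900 bytes:780000
      nbss                               frames:700 bytes:650000
        smb                              frames:650 bytes:600000
      http                               frames:200 bytes:130000
    udp                                  frames:90 bytes:15000
      dns                                frames:90 bytes:15000
  arp                                    frames:10 bytes:5000
===================================================================
"""

def smb_share(phs_text, protocols=("smb", "smb2")):
    """Return (smb_bytes, total_bytes, percent) from protocol hierarchy text."""
    total = smb = 0
    for line in phs_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # separators, title and filter lines carry no counters
        indent, name, nbytes = m.group(1), m.group(2), int(m.group(4))
        if indent == "":
            total += nbytes  # unindented rows are the root of the hierarchy
        if name in protocols:
            smb += nbytes    # SMB can appear under several parents (IPv4, IPv6)
    pct = round(100.0 * smb / total, 1) if total else 0.0
    return smb, total, pct

def phs_from_capture(path):
    """Run tshark (assumed to be on PATH) and return its hierarchy report."""
    return subprocess.run(["tshark", "-r", path, "-q", "-z", "io,phs"],
                          check=True, capture_output=True, text=True).stdout

if __name__ == "__main__":
    text = phs_from_capture(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    smb, total, pct = smb_share(text)
    print(f"SMB bytes: {smb} of {total} ({pct}%)")
```

Run it with the capture file as the only argument; with no argument it reports on the constructed sample.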