Optimization before analysis
Choosing the right place to begin capturing is most often the key to resolving performance setbacks. For example, it is advisable to place the analyzer closer to the system of the employee who is regularly complaining about poor network performance than placing it at any random user's system, as this will give us a better insight to the problem.
Note
If capturing at the server is our only option, then we need to make sure that we use a good set of capture filters to avoid any unwanted traffic, or we may choose to extract the relevant conversation(s) from the complete trace file with the use of display filters.
For example, if we are only interested in traffic to or from a particular host with IP address 10.1.0.20
, then we can use host 10.1.0.20
as our capture filter, or after capturing the complete traffic, we can use ip.host == 10.1.0.20
as a display filter and use Export Specified Packets to extract that conversation.
This is important and saves a lot of analysis...