Ethereal-users: [Ethereal-users] Trying to figure out intermittent slowdown with Linksys router

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Chris Moore <chrismoore@xxxxxxxxxxxx>
Date: Sun, 2 Oct 2005 11:55:10 -0700 (PDT)
I've got a problem that's got me baffled and I'm hoping someone here might be able to help.

I'm using ADSL from Surewest Internet.  I've got the ADSL modem going to a Linksys WRT54G wireless router, with about 8 to 10 systems behind the router on my local LAN.

Lately I've started getting intermittent slowdowns.  Using the speed test at http://personal.surewest.com/internet/speed_test.php my normal throughput is reasonably close to 3000 Kbps.  But frequently throughout the day the connection gets really bad, and I get closer to 300 Kbps on that test.  I also get slow downloads, DNS lookup failures, etc.

I hooked up a laptop with Ethereal on the WAN side of the router, so I see what's going between the router and the CO.  But on that computer I NEVER see the problem.  Any system that I put on the WAN side of the router performs great.  It's only systems behind the router that have the problem.

That led me to think it's a bad router.  So I replaced the router - same problem.  And here's the really bizarre bit:  When things are working I get pretty much what I expect:
No.     Time        Source                Destination           Protocol Info
    125 8.352858    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    126 8.356862    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    127 8.358092    69.62.155.56          66.60.128.30          TCP      2281 > http [ACK] Seq=626 Ack=23583 Win=65535 Len=0
    128 8.360865    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    129 8.363846    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    130 8.365078    69.62.155.56          66.60.128.30          TCP      2281 > http [ACK] Seq=626 Ack=26503 Win=65535 Len=0
    131 8.367852    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    132 8.370862    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    133 8.372122    69.62.155.56          66.60.128.30          TCP      2281 > http [ACK] Seq=626 Ack=29423 Win=65535 Len=0

Packets come in quickly, get acked quickly, and everything is great.  But when the slowdown occurs I get a bunch of occurances of this:
No.     Time        Source                Destination           Protocol Info
    223 4.255012    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    224 4.258996    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    225 4.260224    69.62.155.56          66.60.128.30          TCP      2473 > http [ACK] Seq=572 Ack=137171 Win=65535 Len=0
    226 4.263009    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    227 4.266987    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    228 4.268224    69.62.155.56          66.60.128.30          TCP      2473 > http [ACK] Seq=572 Ack=140091 Win=65535 Len=0
    229 4.271004    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    230 4.274003    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    231 4.275221    69.62.155.56          66.60.128.30          TCP      2473 > http [ACK] Seq=572 Ack=143011 Win=65535 Len=0
    232 4.790859    69.62.155.3           Broadcast             ARP      Who has 69.62.155.151?  Tell 69.62.155.3
    233 4.824835    69.62.155.3           Broadcast             ARP      Who has 69.62.155.151?  Tell 69.62.155.3
    234 5.069974    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    235 5.190836    69.62.155.2           Broadcast             ARP      Who has 65.78.162.211?  Tell 65.78.162.2
    236 5.223833    69.62.155.2           Broadcast             ARP      Who has 65.78.162.211?  Tell 65.78.162.2
    237 5.237529    69.62.155.56          66.60.128.30          TCP      2473 > http [ACK] Seq=572 Ack=144471 Win=65535 Len=0
    238 5.282959    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    239 5.285943    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    240 5.287167    69.62.155.56          66.60.128.30          TCP      2473 > http [ACK] Seq=572 Ack=147391 Win=65535 Len=0
    241 5.332954    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    242 5.335959    66.60.128.30          69.62.155.56          HTTP     Continuation or non-HTTP traffic
    243 5.337184    69.62.155.56          66.60.128.30          TCP      2473 > http [ACK] Seq=572 Ack=150311 Win=65535 Len=0

Notice fram 231 at time 4.27 is an ACK, but I didn't get the next data packet until time 5.07.  (There are a couple of ARPs in there - I don't think they're related, but i left them in)
And it's only one packet, there's not another with it like in a normal transfer.  After about 120 msecs my router acks that packet, then things seem to go back to normal.

This suggests to me that the problem is with the ISP, not with my router.  The other end just stops sending.  So why does this work without the router and not with it?

I have two different IP addresses I can use for the router, on two different subnets.  Both behave the same.  I've tried changing cables.  I've tried adjusting MTU on the router.

Can anyone think of what this might be?  I can't complain to the ISP because it works fine without the router, but everything I see suggests that when it fails the problem is not in the router but at the ISP end.

Thanks in advance.

Chris Moore