Ethereal-users: [Ethereal-users] Server-Client Discrepancy
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: fonte fonte <fonte_monte@xxxxxxxxx>
Date: Mon, 23 Jan 2006 08:11:54 -0800 (PST)
Hi all.
I wish to have some input on my capture findings. Before that I will describe the case scenario.
Initially, I had an FTP server installed at my college; I was given a specific IP for it, and it went through the college gateway to the outside world. On the client side, I was using GPRS dial-up to access my server, and I used Ethereal to capture on both sides while downloading the file.
After a while, the college decided they couldn't allow me to put my server there anymore due to some firewall issue etc. As a result, I relocated my server to my home and put it behind a Linksys wireless router and connected it through my broadband internet.
However, when I compared the captures I got from both situations, they differed somewhat. Basically, when my server was at my college, the server and client captures more or less matched each other - by this I refer to the Info column of the Ethereal display window. An example is the first SYN sent.
From server capture:
source = client, destination = server:
3050 > ftp [SYN] Seq=0 Ack=0 Win=32768 Len=0 MSS=1380 TSV=0 TSER=0
In Packet Details pane, Options = 20 bytes
From client capture:
source = client, destination = server
3050 > ftp [SYN] Seq=0 Ack=0 Win=32768 Len=0 MSS=1460 TSV=0 TSER=0
In Packet Details pane, Options = 20 bytes
Here, the only difference I notice is the MSS value. Why was the MSS value different?
I ran the two captures through tcptrace and I noticed a small number of packet retransmissions. From the server capture, 5 packets were retransmitted in the server-to-client direction when downloading the file. From the client capture, 2 packets were retransmitted in the server-to-client direction.
Now, when my server was relocated to my home, somehow the server and client captures differed greatly, and I know this is most probably due to the changed network architecture. Nevertheless I wish for a detailed explanation of it. The example is again the first SYN sent.
From server capture:
source = client, destination = server:
23395 > ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1380
In Packet Details pane, Options = 4 bytes
From client capture:
source = client, destination = server
3031 > ftp [SYN] Seq=0 Ack=0 Win=64240 Len=0 MSS=1460 TSV=0 TSER=0
In Packet Details pane, Options = 20 bytes
Here, the port number, Win, MSS and Options values were different. Can anyone please help explain why? I hadn't changed any settings on either the server or the client system.
On tcptrace, a more bizarre finding. From the server capture, 3 packets were retransmitted in the server-to-client direction when downloading the file. From the client capture, 251 packets were retransmitted in the server-to-client direction. I am totally lost! In Ethereal, these are a mix of retransmitted and out-of-order packets. Please anyone, any input is really appreciated.
One more thing: when I opened the client capture, which contains these many retransmitted packets, I get an error 'The capture file appears to have been cut short in the middle of a packet'. I'm using version 0.10.13.
I hope my case is really clear. I have not attached any capture (one is about 1000+ KB); however, if it is needed I will email it.
Any input, suggestion, comment, feedback is greatly appreciated.
Thanks all.