Wireshark-users: Re: [Wireshark-users] Things Happening In The Same Timestamp

From: Becky Vict <becky_vict@xxxxxxxxx>
Date: Fri, 16 Jun 2006 19:22:50 -0700 (PDT)
Hello again,

I had confirmed that all my TCP settings for both server and client follow RFC 3481 and MS WIndows Server 2003 TCP/IP Implementation Details.

So what else could be wrong?

Thanks.

BV

Becky Vict <becky_vict@xxxxxxxxx> wrote:
Hello Wireshark community,

I hope I can ask about ethereal here? Should I refer ethereal as Wireshark when I quote it for my paper?

If you had viewed my questions from ethereal mailing list, please excuse me. I hope everyone can bear this. For people that had kindly answered and gave tips, I appreciate it very much and thank you.

My problem is like this. I run ethereal at client side when I'm downloading a file from FTP server. I notice strange thing which is I'm getting packets from both server and client that occur in the exact same timestamp. I would get a TCP Segment Lost from server then followed by Dupack from client then Retransmission from server again all happening in the same timestamp.

Please take a look at my sample capture here:

www.darikawan.com

at the bottom left corner Download Here section.

I'm using -
.ethereal V 0.10.13 and winpcap 3.1.
.OS is XP Pro SP 1 both client and server.
.Zone Alarm (free version) on both server and client. All settings are ok.
.On server, the network card is D-Link DFE-538TX 10/100 adapter. It is connected to ADSL modem.
.On client, USB port.

I set Window Size to be 64kB at both client and server. If I modify this value, would this be considered shaping the packet to suit the slow link as suggested?

Or is the time difference too small for ethereal/winpcap to detect, like 0.0000000000000000000001567?

Thanks.

BV
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com


New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.