Wireshark-users: Re: [Wireshark-users] tcp segment of a reassembled pdu
Dave,

It’s hard to say without more information but two areas that I have found to make a significant difference in Internet performance are looking at the MTU/MSS and adjusting the TCP receive window up (sometimes enabling window scaling). Especially on high speed Internet Circuits (100 Mbps and up), my experience has been that if you do not adjust the TCP receive window up you often do not utilize the full bandwidth.

From what you said below though, you first might want to look at the minimum MTU through the entire path. For TCP, if the MSS is too high you will get segments spread over multiple packets which sounds like what you have below. Is your firewall or Cisco router adjusting the MSS? This is not unusual. Sometimes though the remote end will ignore the MSS option and assume that it can use whatever MSS it wants (usually up to 1460). This can cause performance issues. You might want to sniff traffic before the firewall and after the Cisco router to see if there are any alterations to the TCP SYN packet and also to the reply SYN packet from the remote end.

If you have never dived into TCP tuning before my favorite book is still Stevens’ TCP/IP Illustrated, Volume I although it is getting a bit dated and is UNIX orientated. Depending on what Operating System(s) you are using, perhaps someone could recommend something else.

You might also find some of the following sites of interest:

http://www.speakeasy.net/speedtest/
http://miranda.ctd.anl.gov:7123/
http://www.psc.edu/networking/projects/tcptune/
http://www.dslreports.com/tweaks
http://dast.nlanr.net/Projects/Iperf/
http://www.kohala.com/start/tcpipiv1.html

Hope this helps,

--Jim

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Dave Hassall

Downloads of large files from the internet appear to be very slow. In fact Ethereal shows that the 1MB file downloads fine at 70mbps but that this is followed by a huge number of “tcp segment of a reassembled pdu” messages and then a huge number of “continuation or non-https traffic” messages and it is these 2 groups of messages that cause a further delay of 5 minutes.

Our internet connection is via a Fortigate 800F firewall and Cisco router and 100mbps circuit.

Any suggestions of where to look next gratefully received

Thanks

Head of Network Services
BA2 9BN t +44(0)1225 875545 f +44(0)1225 875444 m 07980008704