Wireshark-users: [Wireshark-users] Problem interpreting message

From: "William Grayson" <wgrayson@xxxxxxxxxx>
Date: Tue, 14 Nov 2006 09:14:44 -0500

Dear Wireshark Team:

I’ve attached a trace of a single test transaction from Shaws. This is one transaction out of a run of 1000 that they did. Please confirm/correct my interpretation of this trace.

What I see is them taking 2 seconds to ACK the handshake, and then they send the transaction (line 33626). We turn the transaction around in about 70ms (33656). It then takes about 2 seconds to get their FIN/ACK (34150), resulting in an overall time of a little over 4 seconds to that point. So from what I can see the time they see of 4+ sec is almost entirely network/Shaws delay. Do you see anything that indicates a possibility that we are introducing a delay?

We are monitoring more than one port – so you grab the packet twice, once at the internal firewall interface, and once at the server.

Will Grayson
Senior Network Engineer

inComm
250 Williams Street
Suite M-100
Atlanta, GA 30303

Office # (678) 367-6462
Cell #: (908) 477-4799
Email: wgrayson@xxxxxxxxxx
Web: http://www.incomm.com

Attachment: ShawsSampleTrans.pcap
Description: ShawsSampleTrans.pcap
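
The per-phase breakdown the message describes can be computed mechanically. The following is an added example, not part of the original message or of Wireshark: it removes the duplicate copies produced by capturing at two points, then attributes each interval of one TCP transaction to the client or the server side. The addresses, sequence numbers and timestamps are constructed to resemble the rough figures quoted above, and the remote party is assumed to be the TCP client.

```python
from collections import namedtuple

# One record per captured packet; timestamps in integer microseconds.
Pkt = namedtuple("Pkt", "ts_us src dst flags seq payload_len")

CLIENT, SERVER = "192.0.2.10", "198.51.100.20"  # constructed addresses

def make_trace():
    """Constructed sample: every packet is captured twice, 200 us apart."""
    once = [
        Pkt(0,         CLIENT, SERVER, "S",  1000, 0),    # SYN
        Pkt(1_000,     SERVER, CLIENT, "SA", 5000, 0),    # SYN/ACK
        Pkt(2_001_000, CLIENT, SERVER, "A",  1001, 0),    # handshake ACK
        Pkt(2_002_000, CLIENT, SERVER, "PA", 1001, 120),  # request
        Pkt(2_072_000, SERVER, CLIENT, "PA", 5001, 80),   # response
        Pkt(4_080_000, CLIENT, SERVER, "FA", 1121, 0),    # FIN/ACK
    ]
    second_tap = [p._replace(ts_us=p.ts_us + 200) for p in once]
    return sorted(once + second_tap)

def dedupe(pkts):
    """Keep the earliest copy of each packet seen at more than one tap.
    Caveat: a genuine retransmission has the same key and is dropped too."""
    seen, out = set(), []
    for p in pkts:
        key = p[1:]  # everything except the timestamp
        if key not in seen:
            seen.add(key)
            out.append(p)
    return out

def first(pkts, src, pred):
    return next(p for p in pkts if p.src == src and pred(p))

def phases(pkts):
    """Split one transaction into intervals, named for the side being waited on."""
    pkts = dedupe(pkts)
    syn = first(pkts, CLIENT, lambda p: p.flags == "S")
    synack = first(pkts, SERVER, lambda p: p.flags == "SA")
    ack = first(pkts, CLIENT, lambda p: p.flags == "A")
    req = first(pkts, CLIENT, lambda p: p.payload_len > 0)
    resp = first(pkts, SERVER, lambda p: p.payload_len > 0)
    fin = first(pkts, CLIENT, lambda p: "F" in p.flags)
    return {
        "server_synack_us": synack.ts_us - syn.ts_us,
        "client_handshake_ack_us": ack.ts_us - synack.ts_us,
        "server_turnaround_us": resp.ts_us - req.ts_us,
        "client_close_us": fin.ts_us - resp.ts_us,
        "total_us": fin.ts_us - syn.ts_us,
    }
```

Intervals measured at a single capture point include network transit to and from the far end, so the client-side figures here are client plus network time, as the message itself notes.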