At 04:28 PM 12/29/2006, Small, James wrote:
> Hello, I am using Wireshark to look at mail traffic
> (SMTP/POP3). When I look at the trace I see lots of the following:
>
> Previous Segment Lost
> Retransmission (suspected)
> Duplicate ACKs
>
> I'm suspecting that this is exacerbated by not having enough Internet
> bandwidth. My question is, how do I interpret this? Does this show
> that I don't have enough bandwidth? Does it mean there needs to be
> tuning? I realize this is not an easy question and would be very
> happy even with a "go read book ABC" answer - just as long as once I
> read book ABC I would know how to interpret the data. Any and all
> advice greatly appreciated.

First thing I would check is to make sure you don't have a duplex
mismatch. Chances are, you are using some type of a cable modem
router. These devices for the most part auto-negotiate. You don't
(typically) have much of a choice in the matter.

So it's imperative that your PC's NIC is in auto-negotiate mode.

There really aren't too many books on using protocol analyzers. The
reason is that to TRULY understand protocol analysis, you need an
in-depth understanding of the protocols themselves. Then, you need a
lot of practice reading trace files, as this is more art than science.

hsb