Wireshark-users: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmissi
Hi all,

I am having a tough time figuring this out, so I decided to pitch it to this group.

I am in the process of moving my servers from one hosting company in Philadelphia to another company located in Valley Forge. Both companies have a 10/100 Mbit/s pipe to the internet. Our home office is in King of Prussia.

I get great bandwidth to and from the old company in Philadelphia, but poor speeds to the company in Valley Forge. Downloads from Valley Forge seem ok sometimes.

After swapping and reconfiguring everything at least 12 times (new Cisco 2960G switches, new ASA 5510 and 5520 firewalls), I have finally put a sniffer on the line and can’t understand what I see.

To simplify testing, I have removed the VPN, and now test with FTP servers at each location.

Downloads and uploads (from a DSL line) to Philadelphia. Everything is great. We get a solid 3 Mb/s download and a solid 750k upload.

Downloads from Valley Forge to the DSL line are very poor, with almost double the time to download the same 10 MB file. There are frequent drops from the 3Mb/s range to about 500k. I have actually seen worse than this.

After looking at the sniffer logs, here is what I see: (middle 10 packets 8950-8959, right about the time of the bandwidth drops).

Note that I am getting a ton of:

TCP Previous segment lost
TCP Dup ACK
TCP Retransmission

Are these TCP drops normal for traffic over the internet?

How many drops are acceptable?

How do I find out where or why packets are dropping?

Are there any other free tools I can use to better track my packets through the internet?

Any help would be appreciated.

Thanks in advance.

No. Time Source Destination Protocol Info
8950 80.406846 66.104.107.217 71.242.248.10 FTP-DATA [TCP Previous segment lost] FTP Data: 1260 bytes
Frame 8950 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6 (00:15:c5:37:c4:a6)
Internet Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10 (71.242.248.10)
Transmission Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6203105, Ack: 1, Len: 1260
FTP Data

No. Time Source Destination Protocol Info
8951 80.406910 71.242.248.10 66.104.107.217 TCP 5005 > ftp-data [ACK] Seq=1 Ack=6199325 Win=65535 Len=0 SLE=6203105 SRE=6204365 SLE=6200585 SRE=6201845
Frame 8951 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18 (00:14:f2:e6:46:18)
Internet Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217 (66.104.107.217)
Transmission Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6199325, Len: 0

No. Time Source Destination Protocol Info
8952 80.410308 66.104.107.217 71.242.248.10 FTP-DATA [TCP Retransmission] FTP Data: 1260 bytes
Frame 8952 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6 (00:15:c5:37:c4:a6)
Internet Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10 (71.242.248.10)
Transmission Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6199325, Ack: 1, Len: 1260
FTP Data

No. Time Source Destination Protocol Info
8953 80.410394 71.242.248.10 66.104.107.217 TCP 5005 > ftp-data [ACK] Seq=1 Ack=6201845 Win=65535 Len=0 SLE=6203105 SRE=6204365
Frame 8953 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18 (00:14:f2:e6:46:18)
Internet Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217 (66.104.107.217)
Transmission Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6201845, Len: 0

No. Time Source Destination Protocol Info
8954 80.415232 66.104.107.217 71.242.248.10 FTP-DATA [TCP Retransmission] FTP Data: 1260 bytes
Frame 8954 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6 (00:15:c5:37:c4:a6)
Internet Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10 (71.242.248.10)
Transmission Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6201845, Ack: 1, Len: 1260
FTP Data

No. Time Source Destination Protocol Info
8955 80.415284 71.242.248.10 66.104.107.217 TCP 5005 > ftp-data [ACK] Seq=1 Ack=6204365 Win=65535 Len=0
Frame 8955 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18 (00:14:f2:e6:46:18)
Internet Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217 (66.104.107.217)
Transmission Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6204365, Len: 0

No. Time Source Destination Protocol Info
8956 80.418901 66.104.107.217 71.242.248.10 FTP-DATA [TCP Previous segment lost] FTP Data: 1260 bytes
Frame 8956 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6 (00:15:c5:37:c4:a6)
Internet Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10 (71.242.248.10)
Transmission Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6205625, Ack: 1, Len: 1260
FTP Data

No. Time Source Destination Protocol Info
8957 80.418940 71.242.248.10 66.104.107.217 TCP [TCP Dup ACK 8955#1] 5005 > ftp-data [ACK] Seq=1 Ack=6204365 Win=65535 Len=0 SLE=6205625 SRE=6206885
Frame 8957 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18 (00:14:f2:e6:46:18)
Internet Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217 (66.104.107.217)
Transmission Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6204365, Len: 0

No. Time Source Destination Protocol Info
8958 80.422630 66.104.107.217 71.242.248.10 FTP-DATA [TCP Retransmission] FTP Data: 1260 bytes
Frame 8958 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6 (00:15:c5:37:c4:a6)
Internet Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10 (71.242.248.10)
Transmission Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6204365, Ack: 1, Len: 1260
FTP Data

No. Time Source Destination Protocol Info
8959 80.422697 71.242.248.10 66.104.107.217 TCP 5005 > ftp-data [ACK] Seq=1 Ack=6206885 Win=65535 Len=0
Frame 8959 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18 (00:14:f2:e6:46:18)
Internet Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217 (66.104.107.217)
Transmission Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6206885, Len: 0
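
Added example, not part of the original post: the script below takes the cumulative ACK and SACK edges (SLE/SRE) from frames 8950-8959 quoted above, lists the byte ranges the receiver was missing, and measures how long after being reported each range was filled. The function names `holes` and `hole_timeline` are illustrative; the frame values are transcribed from the trace.

```python
# Receiver ACKs transcribed from frames 8951-8959 of the trace in the post:
# (frame, time, cumulative ack, [(SLE, SRE), ...])
ACKS = [
    (8951, 80.406910, 6199325, [(6203105, 6204365), (6200585, 6201845)]),
    (8953, 80.410394, 6201845, [(6203105, 6204365)]),
    (8955, 80.415284, 6204365, []),
    (8957, 80.418940, 6204365, [(6205625, 6206885)]),
    (8959, 80.422697, 6206885, []),
]
# Server data segments from frames 8950-8958: (frame, time, seq, len)
DATA = [
    (8950, 80.406846, 6203105, 1260),
    (8952, 80.410308, 6199325, 1260),
    (8954, 80.415232, 6201845, 1260),
    (8956, 80.418901, 6205625, 1260),
    (8958, 80.422630, 6204365, 1260),
]

def holes(ack, sack_blocks):
    """Byte ranges still missing at the receiver according to one ACK:
    the gaps between the cumulative ack and the sorted SACK blocks."""
    missing, edge = [], ack
    for left, right in sorted(sack_blocks):
        if left > edge:
            missing.append((edge, left))
        edge = max(edge, right)
    return missing

def hole_timeline(acks, data):
    """Pair each hole with the first ACK that reports it and the first later
    data segment that covers it: (start, end, ack_frame, data_frame, ms)."""
    first_seen = {}
    for frame, t, ack, sack in acks:
        for h in holes(ack, sack):
            first_seen.setdefault(h, (frame, t))
    out = []
    for (start, end), (rframe, rt) in sorted(first_seen.items()):
        for dframe, dt, seq, length in data:
            if dt > rt and seq <= start and seq + length >= end:
                out.append((start, end, rframe, dframe,
                            round((dt - rt) * 1000, 3)))
                break
    return out

if __name__ == "__main__":
    for start, end, rframe, dframe, ms in hole_timeline(ACKS, DATA):
        print(f"hole {start}-{end} ({end - start} B): reported in frame "
              f"{rframe}, filled by frame {dframe} after {ms} ms")
```

Each hole is exactly one 1260-byte segment, and the fill delay can be compared against the measured round-trip time of the path when deciding where to look next.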