Wireshark-users: Re: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransm
Send the PCAP as an attachment?
The actual capture is only about 20 MB in size. From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Trevor Tolk I don't think I can help, but I'm interested in your problem Tom. I've seen in the forum in the past where it is requested that you
send a subset of your packet capture to the forum. Just
send the packets that are in question. Much more info can be gotten
from that than your tables at the end of your email. From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Reynolds,
Tom Hi
all, I
am having a tough time figuring this out, so I decided to pitch it to this
group. I
am in the process of moving my servers from one hosting company in Philadelphia
to another company located in Valley Forge. Both companies have a 10/100
Mbit/s pipe to the internet. Our home office is in King of Prussia. I
get great bandwidth to and from the old company in Philadelphia, but poor
speeds to the company in Valley Forge. Downloads from Valley Forge seem
ok sometimes. After
swapping and reconfiguring everything at least 12 times (new Cisco 2960G
switches, new ASA 5510 and 5520 firewalls), I have finally put a sniffer on the
line and can’t understand what I see. To
simplify testing, I have removed the VPN, and now test with FTP servers at each
location. Downloads
and uploads (from a DSL line) to Philadelphia. Everything is great.
We get a solid 3 Mb/s download and a solid 750k upload. Downloads
from Valley Forge to the DSL line are very poor, with almost double the time to
download the same 10 MB file. There are frequent drops from the 3Mb/s
range to about 500k. I have actually seen worse than this. After
looking at the sniffer logs, here is what I see: (middle 10 packets
8950-8959, right about the time of the bandwidth drops). Note
that I am getting a ton of: TCP
Previous segment lost TCP
Dup ACK TCP
Retransmission Are
these TCP drops normal for traffic over the internet? How
many drops are acceptable? How
do I find out where or why packets are dropping? Are
there any other free tools I can use to better track my packets through the
internet? Any
help would be appreciated. Thanks
in advance. No.
Time
Source
Destination
Protocol Info
8950 80.406846
66.104.107.217
71.242.248.10 FTP-DATA [TCP
Previous segment lost] FTP Data: 1260 bytes Frame
8950 (1314 bytes on wire, 1314 bytes captured) Ethernet
II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6
(00:15:c5:37:c4:a6) Internet
Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission
Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6203105,
Ack: 1, Len: 1260 FTP
Data No.
Time Source
Destination
Protocol Info
8951 80.406910
71.242.248.10
66.104.107.217
TCP 5005 > ftp-data [ACK] Seq=1 Ack=6199325
Win=65535 Len=0 SLE=6203105 SRE=6204365 SLE=6200585 SRE=6201845 Frame
8951 (74 bytes on wire, 74 bytes captured) Ethernet
II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet
Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217
(66.104.107.217) Transmission
Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack:
6199325, Len: 0 No.
Time
Source
Destination
Protocol Info
8952 80.410308
66.104.107.217
71.242.248.10 FTP-DATA [TCP
Retransmission] FTP Data: 1260 bytes Frame
8952 (1314 bytes on wire, 1314 bytes captured) Ethernet
II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6 (00:15:c5:37:c4:a6) Internet
Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission
Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6199325,
Ack: 1, Len: 1260 FTP
Data No.
Time
Source
Destination
Protocol Info
8953 80.410394
71.242.248.10
66.104.107.217
TCP 5005 > ftp-data [ACK] Seq=1 Ack=6201845
Win=65535 Len=0 SLE=6203105 SRE=6204365 Frame
8953 (66 bytes on wire, 66 bytes captured) Ethernet
II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet
Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217
(66.104.107.217) Transmission
Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack:
6201845, Len: 0 No.
Time
Source
Destination
Protocol Info
8954 80.415232
66.104.107.217
71.242.248.10 FTP-DATA [TCP
Retransmission] FTP Data: 1260 bytes Frame
8954 (1314 bytes on wire, 1314 bytes captured) Ethernet
II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6
(00:15:c5:37:c4:a6) Internet
Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission
Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6201845,
Ack: 1, Len: 1260 FTP
Data No.
Time
Source
Destination
Protocol Info
8955 80.415284
71.242.248.10
66.104.107.217
TCP 5005 > ftp-data [ACK] Seq=1 Ack=6204365
Win=65535 Len=0 Frame
8955 (54 bytes on wire, 54 bytes captured) Ethernet
II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet
Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217
(66.104.107.217) Transmission
Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack:
6204365, Len: 0 No.
Time
Source
Destination
Protocol Info
8956 80.418901
66.104.107.217
71.242.248.10 FTP-DATA [TCP
Previous segment lost] FTP Data: 1260 bytes Frame
8956 (1314 bytes on wire, 1314 bytes captured) Ethernet
II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6
(00:15:c5:37:c4:a6) Internet
Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission
Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6205625,
Ack: 1, Len: 1260 FTP
Data No.
Time
Source
Destination Protocol
Info
8957 80.418940
71.242.248.10
66.104.107.217
TCP [TCP Dup ACK 8955#1] 5005 > ftp-data [ACK]
Seq=1 Ack=6204365 Win=65535 Len=0 SLE=6205625 SRE=6206885 Frame
8957 (66 bytes on wire, 66 bytes captured) Ethernet
II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet
Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217
(66.104.107.217) Transmission
Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack:
6204365, Len: 0 No.
Time
Source
Destination
Protocol Info
8958 80.422630
66.104.107.217
71.242.248.10 FTP-DATA [TCP
Retransmission] FTP Data: 1260 bytes Frame
8958 (1314 bytes on wire, 1314 bytes captured) Ethernet
II, Src: Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6
(00:15:c5:37:c4:a6) Internet
Protocol, Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission
Control Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6204365,
Ack: 1, Len: 1260 FTP
Data No.
Time
Source
Destination
Protocol Info
8959 80.422697
71.242.248.10
66.104.107.217
TCP 5005 > ftp-data [ACK] Seq=1 Ack=6206885
Win=65535 Len=0 Frame
8959 (54 bytes on wire, 54 bytes captured) Ethernet
II, Src: Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet
Protocol, Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217 (66.104.107.217) Transmission
Control Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack:
6206885, Len: 0
|
- Follow-Ups:
- References:
- Prev by Date: Re: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmission
- Next by Date: Re: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmission
- Previous by thread: Re: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmission
- Next by thread: Re: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmission
- Index(es):