Wireshark-users: [Wireshark-users] troubleshooting ftp timeout using wireshark

From: luis pena <glyph_dtd@xxxxxxxxx>
Date: Thu, 28 Feb 2008 08:56:19 -0800 (PST)
Hello all, my first post so forgive me if I omit any info.

I am observing an FTP timeout on our network that I am hoping to pin down using Wireshark.

The network is an 18-node Frame Relay WAN. Nodes are connected via point-to-point T1 using Cisco 2600s to a central hub (Site A) which provides our connection out to the Internet. Our IT Department is located in two sites (Site B) and (Site C).
I first came across this issue when our payroll dept. complained that they could not upload a file to the payroll company that cuts our checks (oh no not payroll!). I found out that the problem has been occurring over the course of a couple weeks. There is no way for me to tell what has changed over the last couple weeks!

Using Filezilla in passive mode on Ubuntu Gutsy I am trying to upload a 100MB file to a private FTP server on the Internet. I am able to recreate the timeout at Site B and Site C. The System Administrator at Site A is not experiencing the upload timeout.

There is an ISA proxy server that sits between Site B & C and has been configured to allow FTP traffic. To be on the safe side I am bypassing the proxy altogether. The problem persists when bypassing the proxy as well. Windows firewalls are disabled via Group Policy. Hmmmm...
I fired up Wireshark and filtered out the following: FTP & FTP-DATA. The FTP-DATA packets show a lot (about 50%) of retransmission packets. FTP shows a <retransmission request> packet; the TCP checksum field states that the problem may be a TCP checksum offload. If I may assume that the problem is at Layer 4 and that there is a TCP segment sequencing error originating on our network, what steps have I missed and where do I look next in the troubleshooting process?
Thank you in advance.
Luis Pena

