Wireshark-users: Re: [Wireshark-users] newbie question
From: jack craig <jcraig@xxxxxxxxxxxxx>
Date: Thu, 25 Feb 2010 14:37:43 -0800
hey tony, as one newbie to another, i thought to suggest the expert mode. yes, i know that doesn't make sense, but! after you do your capture, analyze->expert info and take a look at the tabs. i found the expert mode highlighted serious stuff without my having to look at the details.
try also the various statistics options and see if they too don't also shed some high-level light on your issues?
sadly, i am just scratching the surface of individual packet contents decoding.
hth, jackc...

On 02/25/2010 01:54 PM, Tony Manetta wrote:

let's try that again...here are the frames

No.     Time        Source          Destination     Protocol Info
248     14.550042   192.168.1.44    24.92.226.11    TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 248 (1078 bytes on wire, 1078 bytes captured)
Ethernet II, Src: Sony_d9:95:99 (00:1a:80:d9:95:99), Dst: Cisco_d0:4f:11 (00:24:14:d0:4f:11)
Internet Protocol, Src: 192.168.1.44 (192.168.1.44), Dst: 24.92.226.11 (24.92.226.11)
Transmission Control Protocol, Src Port: 50748 (50748), Dst Port: http (80), Seq: 190, Ack: 26, Len: 1024
    Source port: 50748 (50748)
    Destination port: http (80)
    [Stream index: 8]
    Sequence number: 190 (relative sequence number)
    [Next sequence number: 1214 (relative sequence number)]
    Acknowledgement number: 26 (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 16688
    Checksum: 0x4ef6 [validation disabled]
    [SEQ/ACK analysis]
        [Number of bytes in flight: 1024]
        [TCP Analysis Flags]
            [This frame is a (suspected) retransmission]
                [Expert Info (Note/Sequence): Retransmission (suspected)]
                    [Message: Retransmission (suspected)]
                    [Severity level: Note]
                    [Group: Sequence]
            [The RTO for this segment was: 0.294203000 seconds]
            [RTO based on delta from frame: 246]
    [Reassembled PDU in frame: 246]
    TCP segment data (1024 bytes)

No.     Time        Source          Destination     Protocol Info
249     14.550713   24.92.226.11    192.168.1.44    HTTP     [TCP Retransmission] HTTP/1.1 100 Continue

Frame 249 (79 bytes on wire, 79 bytes captured)
Ethernet II, Src: Cisco_d0:4f:11 (00:24:14:d0:4f:11), Dst: Sony_d9:95:99 (00:1a:80:d9:95:99)
Internet Protocol, Src: 24.92.226.11 (24.92.226.11), Dst: 192.168.1.44 (192.168.1.44)
Transmission Control Protocol, Src Port: http (80), Dst Port: 50748 (50748), Seq: 1, Ack: 190, Len: 25
    Source port: http (80)
    Destination port: 50748 (50748)
    [Stream index: 8]
    Sequence number: 1 (relative sequence number)
    [Next sequence number: 26 (relative sequence number)]
    Acknowledgement number: 190 (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 260
    Checksum: 0x53fb [validation disabled]
    [SEQ/ACK analysis]
        [Number of bytes in flight: 25]
        [TCP Analysis Flags]
            [This frame is a (suspected) retransmission]
                [Expert Info (Note/Sequence): Retransmission (suspected)]
                    [Message: Retransmission (suspected)]
                    [Severity level: Note]
                    [Group: Sequence]
            [The RTO for this segment was: 0.294992000 seconds]
            [RTO based on delta from frame: 245]
Hypertext Transfer Protocol
    HTTP/1.1 100 Continue\r\n
        [Expert Info (Chat/Sequence): HTTP/1.1 100 Continue\r\n]
            [Message: HTTP/1.1 100 Continue\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Version: HTTP/1.1
        Response Code: 100
    \r\n

No.     Time        Source          Destination     Protocol Info
250     14.550738   192.168.1.44    24.92.226.11    TCP      [TCP Dup ACK 248#1] 50748> http [ACK] Seq=1214 Ack=26 Win=16688 Len=0 SLE=1 SRE=26

Frame 250 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: Sony_d9:95:99 (00:1a:80:d9:95:99), Dst: Cisco_d0:4f:11 (00:24:14:d0:4f:11)
Internet Protocol, Src: 192.168.1.44 (192.168.1.44), Dst: 24.92.226.11 (24.92.226.11)
Transmission Control Protocol, Src Port: 50748 (50748), Dst Port: http (80), Seq: 1214, Ack: 26, Len: 0
    Source port: 50748 (50748)
    Destination port: http (80)
    [Stream index: 8]
    Sequence number: 1214 (relative sequence number)
    Acknowledgement number: 26 (relative ack number)
    Header length: 32 bytes
    Flags: 0x10 (ACK)
    Window size: 16688
    Checksum: 0x1126 [validation disabled]
    Options: (12 bytes)
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 249]
        [The RTT to ACK the segment was: 0.000025000 seconds]
        [TCP Analysis Flags]
            [This is a TCP duplicate ack]
            [Duplicate ACK #: 1]
            [Duplicate to the ACK in frame: 248]
                [Expert Info (Note/Sequence): Duplicate ACK (#1)]
                    [Message: Duplicate ACK (#1)]
                    [Severity level: Note]
                    [Group: Sequence]

__________________________________________________________________
Tony Manetta, MBA, MCP
Supervisor of Networking Technology and Services
UDSMR
716-817-7850 (office)
716-479-6258 (mobile)

On 2/25/2010 4:54 PM, Tony Manetta wrote:

Hi just tried using wireshark to see if a network issue is causing severe slowness when logging into a web server....i'm having issues understanding the output of the trace...can anyone help? when i login locally, the login time is approximately 4 seconds but when i login across the web, it's over 25 seconds which is unacceptable.

if this isn't appropriate use of this list, i apologize in advance....below are 3 frames which first start showing up as issues in my capture...any ideas are greatly appreciated....
-- Jack Craig Software Engineer 831.461.7100 x120 www.extraview.com
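
Added example (not part of the original thread and not Wireshark code): a Python script that pulls the Expert Info items out of a plain-text packet dissection like the one quoted above and tallies them by severity, which is the overview Analyze -> Expert Info gives. The sample text is constructed from the expert-info lines of frames 248-250 in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the expert-info lines of frames 248-250 quoted in this
# thread, trimmed from the plain-text dissection.
SAMPLE = """\
Frame 248 (1078 bytes on wire, 1078 bytes captured)
    [Stream index: 8]
    [Expert Info (Note/Sequence): Retransmission (suspected)]
    [The RTO for this segment was: 0.294203000 seconds]
Frame 249 (79 bytes on wire, 79 bytes captured)
    [Stream index: 8]
    [Expert Info (Note/Sequence): Retransmission (suspected)]
    [The RTO for this segment was: 0.294992000 seconds]
    [Expert Info (Chat/Sequence): HTTP/1.1 100 Continue\\r\\n]
Frame 250 (66 bytes on wire, 66 bytes captured)
    [Stream index: 8]
    [Expert Info (Note/Sequence): Duplicate ACK (#1)]
"""

FRAME = re.compile(r"^Frame (\d+) \(")
STREAM = re.compile(r"\[Stream index: (\d+)\]")
EXPERT = re.compile(r"\[Expert Info \((\w+)/(\w+)\): (.*)\]\s*$")
RTO = re.compile(r"\[The RTO for this segment was: ([\d.]+) seconds\]")

def parse_expert_info(text):
    """Return one dict per expert item: frame, stream, severity, group, message, rto."""
    items, frame, stream = [], None, None
    for line in text.splitlines():
        if m := FRAME.match(line):            # a new frame starts; reset stream
            frame, stream = int(m.group(1)), None
        elif m := STREAM.search(line):
            stream = int(m.group(1))
        elif m := EXPERT.search(line):
            sev, group, msg = m.groups()
            items.append({"frame": frame, "stream": stream, "severity": sev,
                          "group": group, "message": msg, "rto": None})
        elif (m := RTO.search(line)) and items and items[-1]["frame"] == frame:
            # the RTO line follows the retransmission item it belongs to
            items[-1]["rto"] = float(m.group(1))
    return items

def summarize(items):
    """Count expert items per (severity, message)."""
    return Counter((i["severity"], i["message"]) for i in items)

if __name__ == "__main__":
    for (sev, msg), n in summarize(parse_expert_info(SAMPLE)).most_common():
        print(f"{sev:5} {n:3}  {msg}")
```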