On 04/23/2010 09:21 PM, Jake Peavy wrote:
On Fri, Apr 23, 2010 at 10:14 AM, Jeff Bruns <jeff.bruns@xxxxxxxxx
<mailto:jeff.bruns@xxxxxxxxx>> wrote:
Martin-
Thank you for your reply, your information was very helpful. I've
attached the wireshark screenshot, hopefully it helps the situation
to make more sense.
Regards-
Jeff
On Thu, Apr 22, 2010 at 9:09 PM, Martin Visser
<martinvisser99@xxxxxxxxx <mailto:martinvisser99@xxxxxxxxx>> wrote:
Jeff,
None of you links seem to be correct at all, only pointing to
the top level forum.
As far as seeing SYN attempts at increasing intervals, this is
pretty normal if you have connectivity issues. The response
should always be a SYN+ACK or a RST, Can't think of why a
half-open connection on the printer would respond to another SYN
with just an ACK.
Bottlenecks don't usually reveal themselves unless they are
stressed. Either you need to test the level that the bottlenecks
appears using your native applications, or traffic generator
tools such as iperf. By watching the amount of traffic that can
pass through the bottleneck (measured by whatever means such as
the network equipments stats, the load generator tool or say
Wireshark) you can determine at what point it becomes significant.
Regards, Martin
MartinVisser99@xxxxxxxxx <mailto:MartinVisser99@xxxxxxxxx>
On Fri, Apr 23, 2010 at 3:33 AM, Jeff Bruns
<jeff.bruns@xxxxxxxxx <mailto:jeff.bruns@xxxxxxxxx>> wrote:
Greetings-
I previously posted on the Devshed forums but haven't
received any response. Hopefully the wireshark community
might be able to help...
I wrote a perl program which acts as a network sniffer,
intercepting data sent to a networked laser printer
<http://forums.devshed.com/#>. The resulting data, once
parsed, is formatted and written to a serial port which has
connected a series of scrolling LED signboards. I've
recently been experiencing some issues with my network
traffic and I was hoping to get some advice on how to proceed.
I'm running Windows XP <http://forums.devshed.com/#>
connected to a 10Mbps wired LAN which is part of a larger
VPN. I've been using wireshark in my effort to better
understand my recent network issues.
The following scenario was an attempt to send data to our
networked laser printer <http://forums.devshed.com/#>. I was
able to capture the corresponding network traffic with
wireshark. I've attached a snapshot of the wireshark traffic.
My first question, which I'm under the assumption is out of
my control, has to do with the 5 repeated SYN packets,
despite the SYN, ACK that was sent immediately following the
first SYN. I'm thinking maybe the sender failed to receive
the SYN, ACK and as a result resent the SYN packet?? That
being the case, why is the receiver replying with repeated
ACK instead of SYN, ACK?
My next question has to do with the timeframe between each
of the following SYN packets. It would appear that the time
<http://forums.devshed.com/#> doubles after each sent SYN
packet. Given the precision of the time intervals I would
assume it has something to do with the retransmission timer
or persistence timer, although I'm curious as to why the
interval doubles after each attempt.
Information sent to our networked printer is time sensitive,
and as you can see from the timestamps shown throughout the
network traffic it takes almost 3 minutes to successfully
transmit the data <http://forums.devshed.com/#>.
My questions are:
1- Is there anything I can do to prevent the redundant SYN
attempts in the future?
2- Is there a way to decrease the timeout so that in the
event of future occurrences, the interval between SYN
attempts is expedited?
3- In the event data loss <http://forums.devshed.com/#> is
suspected due to network congestion or quality, are there
any diagnostics I could perform to identify bottlenecks?
Below is a link to a wireshark screenshot showing the
packets within the message. It being my first time posing to
the list, I'm not sure if I'm permitted to include
attachments, so the screenshot is a link to the devshed post
attachment. If it would be helpful and I'm permitted I'd be
happy to attach the wireshark pcap dump file.
Any help would be greatly appreciated.
http://blog.ksplice.com/2010/04/dating-is-rough-at-the-transport-layer/
Brilliant :))
Thanks,
Jaap