I don't think I can help, but I'm interested in your problem
Tom.
I've seen in the forum in the past where it is requested that you
send a subset of your packet capture to the forum. Just send the
packets that are in question. Much more info can be gotten from that than
your tables at the end of your email. From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Reynolds, Tom Sent: 2007-12-05 11:47 To: wireshark-users@xxxxxxxxxxxxx Subject: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK,TCP Retransmission Hi
all, I am having a tough
time figuring this out, so I decided to pitch it to this
group. I am in the process of
moving my servers from one hosting company in Philadelphia to another company
located in Valley Forge. Both companies have a 10/100 Mbit/s pipe to the
internet. Our home office is in King of Prussia. I get great bandwidth
to and from the old company in Philadelphia, but poor speeds to the company in
Valley Forge. Downloads from Valley Forge seem ok sometimes.
After swapping and
reconfiguring everything at least 12 times (new Cisco 2960G switches, new ASA
5510 and 5520 firewalls), I have finally put a sniffer on the line and can’t
understand what I see. To simplify testing, I
have removed the VPN, and now test with FTP servers at each
location. Downloads and uploads
(from a DSL line) to Philadelphia. Everything is great. We get a
solid 3 Mb/s download and a solid 750k upload. Downloads from Valley
Forge to the DSL line are very poor, with almost double the time to download the
same 10 MB file. There are frequent drops from the 3Mb/s range to about
500k. I have actually seen worse than this. After looking at the
sniffer logs, here is what I see: (middle 10 packets 8950-8959,
right about the time of the bandwidth drops). Note that I am getting
a ton of: TCP Previous segment
lost TCP Dup
ACK TCP
Retransmission Are these TCP drops
normal for traffic over the internet? How many drops are
acceptable? How do I find out
where or why packets are dropping? Are there any other
free tools I can use to better track my packets through the
internet? Any help would be
appreciated. Thanks in
advance. No.
Time
Source
Destination Protocol
Info 8950
80.406846 66.104.107.217
71.242.248.10 FTP-DATA [TCP
Previous segment lost] FTP Data: 1260 bytes Frame 8950 (1314 bytes
on wire, 1314 bytes captured) Ethernet II, Src:
Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6
(00:15:c5:37:c4:a6) Internet Protocol,
Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission Control
Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6203105, Ack: 1,
Len: 1260 FTP
Data No.
Time Source
Destination
Protocol Info 8951
80.406910
71.242.248.10
66.104.107.217
TCP 5005 > ftp-data [ACK] Seq=1 Ack=6199325
Win=65535 Len=0 SLE=6203105 SRE=6204365 SLE=6200585
SRE=6201845 Frame 8951 (74 bytes
on wire, 74 bytes captured) Ethernet II, Src:
Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet Protocol,
Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217
(66.104.107.217) Transmission Control
Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6199325,
Len: 0 No.
Time
Source
Destination Protocol
Info 8952
80.410308 66.104.107.217
71.242.248.10 FTP-DATA [TCP
Retransmission] FTP Data: 1260 bytes Frame 8952 (1314 bytes
on wire, 1314 bytes captured) Ethernet II, Src:
Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6
(00:15:c5:37:c4:a6) Internet Protocol,
Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission Control
Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6199325, Ack: 1,
Len: 1260 FTP
Data No.
Time
Source
Destination Protocol
Info 8953
80.410394
71.242.248.10
66.104.107.217
TCP 5005 > ftp-data [ACK] Seq=1 Ack=6201845
Win=65535 Len=0 SLE=6203105 SRE=6204365 Frame 8953 (66 bytes
on wire, 66 bytes captured) Ethernet II, Src:
Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet Protocol,
Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217
(66.104.107.217) Transmission Control
Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6201845,
Len: 0 No.
Time
Source
Destination Protocol
Info 8954
80.415232 66.104.107.217
71.242.248.10 FTP-DATA [TCP
Retransmission] FTP Data: 1260 bytes Frame 8954 (1314 bytes
on wire, 1314 bytes captured) Ethernet II, Src:
Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6
(00:15:c5:37:c4:a6) Internet Protocol,
Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission Control
Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6201845, Ack: 1,
Len: 1260 FTP
Data No.
Time
Source
Destination Protocol
Info 8955
80.415284
71.242.248.10
66.104.107.217
TCP 5005 > ftp-data [ACK] Seq=1 Ack=6204365
Win=65535 Len=0 Frame 8955 (54 bytes
on wire, 54 bytes captured) Ethernet II, Src:
Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet Protocol,
Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217
(66.104.107.217) Transmission Control
Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6204365,
Len: 0 No.
Time
Source
Destination Protocol
Info 8956
80.418901 66.104.107.217
71.242.248.10 FTP-DATA [TCP
Previous segment lost] FTP Data: 1260 bytes Frame 8956 (1314 bytes
on wire, 1314 bytes captured) Ethernet II, Src:
Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6
(00:15:c5:37:c4:a6) Internet Protocol,
Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission Control
Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6205625, Ack: 1,
Len: 1260 FTP
Data No.
Time
Source
Destination Protocol
Info 8957
80.418940
71.242.248.10
66.104.107.217
TCP [TCP Dup ACK 8955#1] 5005 > ftp-data [ACK]
Seq=1 Ack=6204365 Win=65535 Len=0 SLE=6205625 SRE=6206885 Frame 8957 (66 bytes
on wire, 66 bytes captured) Ethernet II, Src:
Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet Protocol,
Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217
(66.104.107.217) Transmission Control
Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6204365,
Len: 0 No.
Time
Source
Destination Protocol
Info 8958
80.422630 66.104.107.217
71.242.248.10 FTP-DATA [TCP
Retransmission] FTP Data: 1260 bytes Frame 8958 (1314 bytes
on wire, 1314 bytes captured) Ethernet II, Src:
Cisco_e6:46:18 (00:14:f2:e6:46:18), Dst: Dell_37:c4:a6
(00:15:c5:37:c4:a6) Internet Protocol,
Src: 66.104.107.217 (66.104.107.217), Dst: 71.242.248.10
(71.242.248.10) Transmission Control
Protocol, Src Port: ftp-data (20), Dst Port: 5005 (5005), Seq: 6204365, Ack: 1,
Len: 1260 FTP
Data No.
Time
Source
Destination Protocol
Info 8959
80.422697
71.242.248.10
66.104.107.217
TCP 5005 > ftp-data [ACK] Seq=1 Ack=6206885
Win=65535 Len=0 Frame 8959 (54 bytes
on wire, 54 bytes captured) Ethernet II, Src:
Dell_37:c4:a6 (00:15:c5:37:c4:a6), Dst: Cisco_e6:46:18
(00:14:f2:e6:46:18) Internet Protocol,
Src: 71.242.248.10 (71.242.248.10), Dst: 66.104.107.217
(66.104.107.217) Transmission Control
Protocol, Src Port: 5005 (5005), Dst Port: ftp-data (20), Seq: 1, Ack: 6206885,
Len: 0
|
- Follow-Ups:
- References:
- Prev by Date: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmission
- Next by Date: Re: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmission
- Previous by thread: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmission
- Next by thread: Re: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmission
- Index(es):