Wireshark-users: Re: [Wireshark-users] Intermittant trouble getting to internet
From: "Sheahan, John" <John.Sheahan@xxxxxxxxxxxxx>
Date: Fri, 6 Nov 2009 16:15:41 -0500
That is really helpful information, Olivier... and when I saved the text and put it in a .html file, it showed the exact home page for yahoo.com with yesterday's date... I was impressed.

Here's one more question; I noticed that the trace I posted yesterday showed the end user's machine talking to the proxy using HTTP 1.1. Today, using the same browser (IE 7) from my machine, I did a capture through the same proxy server and loaded www.yahoo.com. The interesting thing was that my machine only used HTTP 1.0. I checked my browser's advanced settings and confirmed that it was configured to use HTTP 1.1 whenever possible.

Can anyone explain why some machines going through the proxy use HTTP 1.1 to yahoo and others use HTTP 1.0?

Thanks

John

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wsgd
Sent: Friday, November 06, 2009 2:57 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Intermittant trouble getting to internet

Hello,

"TCP segments of a reassembled PDU" means: the current packet is ONLY a part of a PDU (or message or HTTP request or HTTP answer or ...)

In Wireshark, the complete PDU (or message or ...) is displayed on the last packet of the PDU. And the protocol (in this case HTTP) is displayed ONLY on the last packet of the PDU.

So, in your case, all "TCP segments of a reassembled PDU" packets are all part of 1 HTTP answer.

So here you have:
- 105 packets TCP / "TCP segments of a reassembled PDU" / TCP Len: 1460
- 1 last packet HTTP / "HTTP/1.0 200 OK\r\n" / TCP Len: 445

which gives a total length of 153745 bytes, which seems quite a big HTML page to me (but why not).

I do not see any problem from a network point of view.

Select the "HTTP/1.0 200 OK\r\n" packet, right click on "Line-based text data: text/html", click on copy / Bytes (Printable text only). Ctrl+V into notepad. Save it as <any_name>.html. This is the HTML page to display.

Which seems a valid HTML page.

Olivier

Sheahan, John wrote:
>
> The problem I am trying to troubleshoot is that some browsers
> intermittently have super slow access to the Internet through the
> proxy. When someone types in a URL, the browser just stalls out and
> then finally renders the page.
>
> I have a trace file that shows the .64 address initiating to the proxy
> server .201 address on port 8080.
>
> The .64 address does an HTTP get with their browser to yahoo.com and
> after that, the trace shows that .201 sends dozens of "TCP segments of
> a reassembled PDU", all of which are ACKed by .64... but the odd thing
> is, none of this data is HTTP, all the packets are very large (1460
> bytes) and all are received within the same second.
>
> Finally, .201 sends an HTTP packet that shows the actual yahoo.com web
> page also within the same second but yet the client (.64) complains
> they never see the page.
>
> Does this flow of data look normal to anyone?
>
> If so, can you please give me any suggestions as to why the client is
> not seeing data?
>
> (This happens with both IE and Firefox so it's not a browser problem).
>
> My thought is that something is wrong with the workstation other than
> the browser... perhaps spyware?
>
> Thanks
>
> John
>
> ------------------------------------------------------------------------
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
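The packet labelling described in the quoted reply (105 segments of 1460 bytes marked "TCP segment of a reassembled PDU", then one 445-byte packet marked HTTP) can be reproduced with a small model of stream reassembly; this is an added example, not part of the thread and not Wireshark's code. The function names, the constructed response and the reliance on a Content-Length header are assumptions made for the illustration.

```python
MSS = 1460  # TCP payload bytes per full segment, as seen in the trace

def build_response(total_len):
    """Constructed HTTP/1.0 response whose headers plus body total total_len bytes."""
    # Zero-padded Content-Length keeps the header size fixed (assumption for the demo).
    head = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\nContent-Length: %010d\r\n\r\n"
    body_len = total_len - len(head % 0)
    if body_len < 0:
        raise ValueError("total_len is smaller than the response headers")
    return head % body_len + b"x" * body_len

def segment(stream, isn=1):
    """Split a byte stream into (seq, payload) segments of at most MSS bytes."""
    return [(isn + off, stream[off:off + MSS]) for off in range(0, len(stream), MSS)]

def pdu_length(buf):
    """Return the full PDU length once the headers are complete, else None."""
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        return None
    for line in buf[:end].split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return end + 4 + int(value.strip())
    return end + 4  # assumption: no declared body length means headers only

def dissect(segments, isn=1):
    """Label each segment the way the packet list shows it after reassembly."""
    buf, next_seq, rows = b"", isn, []
    for seq, payload in sorted(segments):
        if seq != next_seq:  # loss and retransmission are outside this example
            raise ValueError("non-contiguous segment at seq %d" % seq)
        buf += payload
        next_seq += len(payload)
        need = pdu_length(buf)
        if need is not None and len(buf) >= need:
            # Only the segment that completes the PDU is shown as HTTP.
            rows.append((seq, len(payload), "HTTP", buf.split(b"\r\n", 1)[0].decode()))
            buf = buf[need:]
        else:
            rows.append((seq, len(payload), "TCP", "TCP segment of a reassembled PDU"))
    return rows

if __name__ == "__main__":
    rows = dissect(segment(build_response(105 * MSS + 445)))
    for row in rows[:2] + rows[-2:]:
        print(row)
    print("total TCP payload:", sum(r[1] for r in rows))
```
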