Wireshark-users: Re: [Wireshark-users] newbie question
From: Tim Takata <tim.takata@xxxxxxxxx>
Date: Thu, 25 Feb 2010 15:13:22 -0800
Are you testing from your own internal network?And when you say login - are you referring to just loading a page or actually logging in to the website via http/https?
I use to support IIS heavily so isolation and recreation of the actual scenario is key in troubleshooting as you already know.
If the site's sluggishness is from external connections then I'd try troubleshooting with an external IP. Evidently your
doing several hops from your 192. address with a proxy (assumed due to the HTTP 100 stat) so..., if you are troubleshooting
for the connection route that you used for this capture, id say to look at your device logs between you and the web server
and maybe run some perfcounters on your web server to see where the bottleneck is.
Technet has good reference on perf counters @ http://technet.microsoft.com/en-us/library/cc776490%28WS.10%29.aspx
I visited http://www.udsmr.org/ and it clicking a few links everything was quite responsive.
Maybe someone can actually pinpoint other areas. Best of luck Tim On 2/25/2010 1:54 PM, Tony Manetta wrote:
lets try that again...here are the frames No. Time Source Destination Protocol Info 248 14.550042 192.168.1.44 24.92.226.11 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 248 (1078 bytes on wire, 1078 bytes captured) Ethernet II, Src: Sony_d9:95:99 (00:1a:80:d9:95:99), Dst: Cisco_d0:4f:11 (00:24:14:d0:4f:11) Internet Protocol, Src: 192.168.1.44 (192.168.1.44), Dst: 24.92.226.11 (24.92.226.11) Transmission Control Protocol, Src Port: 50748 (50748), Dst Port: http (80), Seq: 190, Ack: 26, Len: 1024 Source port: 50748 (50748) Destination port: http (80) [Stream index: 8] Sequence number: 190 (relative sequence number) [Next sequence number: 1214 (relative sequence number)] Acknowledgement number: 26 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) Window size: 16688 Checksum: 0x4ef6 [validation disabled] [SEQ/ACK analysis] [Number of bytes in flight: 1024] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [Expert Info (Note/Sequence): Retransmission (suspected)] [Message: Retransmission (suspected)] [Severity level: Note] [Group: Sequence] [The RTO for this segment was: 0.294203000 seconds] [RTO based on delta from frame: 246] [Reassembled PDU in frame: 246] TCP segment data (1024 bytes) No. Time Source Destination Protocol Info 249 14.550713 24.92.226.11 192.168.1.44 HTTP [TCP Retransmission] HTTP/1.1 100 Continue Frame 249 (79 bytes on wire, 79 bytes captured) Ethernet II, Src: Cisco_d0:4f:11 (00:24:14:d0:4f:11), Dst: Sony_d9:95:99 (00:1a:80:d9:95:99) Internet Protocol, Src: 24.92.226.11 (24.92.226.11), Dst: 192.168.1.44 (192.168.1.44) Transmission Control Protocol, Src Port: http (80), Dst Port: 50748 (50748), Seq: 1, Ack: 190, Len: 25 Source port: http (80) Destination port: 50748 (50748) [Stream index: 8] Sequence number: 1 (relative sequence number) [Next sequence number: 26 (relative sequence number)] Acknowledgement number: 190 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) Window size: 260 Checksum: 0x53fb [validation disabled] [SEQ/ACK analysis] [Number of bytes in flight: 25] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [Expert Info (Note/Sequence): Retransmission (suspected)] [Message: Retransmission (suspected)] [Severity level: Note] [Group: Sequence] [The RTO for this segment was: 0.294992000 seconds] [RTO based on delta from frame: 245] Hypertext Transfer Protocol HTTP/1.1 100 Continue\r\n [Expert Info (Chat/Sequence): HTTP/1.1 100 Continue\r\n] [Message: HTTP/1.1 100 Continue\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Response Code: 100 \r\n No. Time Source Destination Protocol Info 250 14.550738 192.168.1.44 24.92.226.11 TCP [TCP Dup ACK 248#1] 50748> http [ACK] Seq=1214 Ack=26 Win=16688 Len=0 SLE=1 SRE=26 Frame 250 (66 bytes on wire, 66 bytes captured) Ethernet II, Src: Sony_d9:95:99 (00:1a:80:d9:95:99), Dst: Cisco_d0:4f:11 (00:24:14:d0:4f:11) Internet Protocol, Src: 192.168.1.44 (192.168.1.44), Dst: 24.92.226.11 (24.92.226.11) Transmission Control Protocol, Src Port: 50748 (50748), Dst Port: http (80), Seq: 1214, Ack: 26, Len: 0 Source port: 50748 (50748) Destination port: http (80) [Stream index: 8] Sequence number: 1214 (relative sequence number) Acknowledgement number: 26 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) Window size: 16688 Checksum: 0x1126 [validation disabled] Options: (12 bytes) [SEQ/ACK analysis] [This is an ACK to the segment in frame: 249] [The RTT to ACK the segment was: 0.000025000 seconds] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 248] [Expert Info (Note/Sequence): Duplicate ACK (#1)] [Message: Duplicate ACK (#1)] [Severity level: Note] [Group: Sequence] __________________________________________________________________ Tony Manetta, MBA, MCP Supervisor of Networking Technology and Services UDSMR 716-817-7850 (office) 716-479-6258 (mobile) On 2/25/2010 4:54 PM, Tony Manetta wrote:Hi just tried using wireshark to see if a network issue is causing sever slowness when logging into a web server....i'm having issues understanding the output of the trace...can anyone help? when i login locally, the login time is approximately 4 seconds but when i login across the web, it's over 25 seconds which is unacceptable. if this isnt appropriate use of this list, i apologize in advance....below are 3 frames which first start showing up as issues in my capture...any ideas are greatly appreciated....___________________________________________________________________________ Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- [Wireshark-users] newbie question
- From: Tony Manetta
- Re: [Wireshark-users] newbie question
- From: Tony Manetta
- [Wireshark-users] newbie question
- Prev by Date: Re: [Wireshark-users] newbie question
- Next by Date: Re: [Wireshark-users] newbie question
- Previous by thread: Re: [Wireshark-users] newbie question
- Next by thread: Re: [Wireshark-users] newbie question
- Index(es):