Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
|
We
have been having major slowness across our wan by our terminal services users
for quite some time now. I believe I may be on to the culprit, but am now at a
point where I don’t know enough to draw any real conclusions. The machine
I am looking at is a windows server 2003 machine and it is the proxy for
terminal services. We use Provision IT for ts and this machine is what everyone
connects to get get the next available server. When I run the capture I see
many instances of tcp segment of a reassembled pdu followed by a few tcp window
update ack statements and tcp dup ack statements. I can send a copy of the cap
file if anyone wants to look at it. Here is a little of what I saw: 89
0.656889
10.0.8.61
10.0.34.59
TCP [TCP Retransmission] 3389 > 1103 [PSH,
ACK] Seq=3606 Ack=232 Win=16899 Len=651
90 0.656892
10.0.8.61
10.0.34.59
TCP [TCP Retransmission] 3389 > 1103 [ACK]
Seq=5857 Ack=232 Win=16899 Len=1460
91 0.662871
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [PSH, ACK] Seq=232 Ack=3606
Win=33580 Len=17
92 0.681224
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [ACK] Seq=249 Ack=5857
Win=31329 Len=0 SLE=7317 SRE=7457
93 0.681263
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [ACK] Seq=13690 Ack=249
Win=16882 Len=1460
94 0.681275
10.0.8.61 10.0.34.59
TCP 3389 > 1103 [PSH, ACK] Seq=15150 Ack=249
Win=16882 Len=140
95 0.681294
10.0.8.61
10.0.8.65
TCP 1197 > 3389 [PSH, ACK] Seq=294 Ack=33625
Win=8264 Len=17
96 0.681334 10.0.8.61 10.0.8.65
TCP [TCP Window Update] 1197 > 3389 [ACK]
Seq=311 Ack=33625 Win=17520 Len=0
97 0.682287
10.0.34.59
10.0.8.61
TCP [TCP Window Update] 1103 > 3389 [ACK]
Seq=249 Ack=5857 Win=33580 Len=0 SLE=7317 SRE=7457
98 0.692365
10.0.8.65
10.0.8.61
TCP 3389 > 1197 [PSH, ACK] Seq=33625 Ack=311
Win=65043 Len=108
99 0.704877
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [ACK] Seq=249 Ack=7457
Win=31980 Len=0
100 0.704904
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [ACK] Seq=15290 Ack=249
Win=16882 Len=1460
101 0.704909
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [PSH, ACK] Seq=16750 Ack=249
Win=16882 Len=140
102 0.704925
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [ACK] Seq=16890 Ack=249
Win=16882 Len=1460
103 0.705506
10.0.34.59
10.0.8.61
TCP [TCP Window Update] 1103 > 3389 [ACK]
Seq=249 Ack=7457 Win=33580 Len=0
104 0.720064
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 99#2] 1103 > 3389 [ACK]
Seq=249 Ack=7457 Win=33580 Len=0 SLE=8917 SRE=9830
105 0.720078
10.0.8.61
10.0.34.59 TCP
3389 > 1103 [PSH, ACK] Seq=18350 Ack=249 Win=16882 Len=140
106 0.744003
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [ACK] Seq=249 Ack=9830
Win=31207 Len=0
107 0.744112
10.0.8.61
10.0.34.59 TCP
3389 > 1103 [ACK] Seq=18490 Ack=249 Win=16882 Len=1460
108 0.744131
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [PSH, ACK] Seq=19950 Ack=249
Win=16882 Len=140
109 0.744837
10.0.34.59
10.0.8.61
TCP [TCP Window Update] 1103 > 3389 [ACK]
Seq=249 Ack=9830 Win=33580 Len=0
110 0.757426
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 106#2] 1103 > 3389 [ACK]
Seq=249 Ack=9830 Win=33580 Len=0 SLE=11290 SRE=12090
111 0.781512
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [ACK] Seq=249 Ack=12090
Win=31320 Len=0
112 0.781584
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [ACK] Seq=20090 Ack=249
Win=16882 Len=1460
113 0.781599
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [PSH, ACK] Seq=21550 Ack=249
Win=16882 Len=140
114 0.781634
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [ACK] Seq=21690 Ack=249
Win=16882 Len=1460
115 0.781657
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [PSH, ACK] Seq=23150 Ack=249
Win=16882 Len=140
116 0.782323
10.0.34.59
10.0.8.61
TCP [TCP Window Update] 1103 > 3389 [ACK]
Seq=249 Ack=12090 Win=33580 Len=0
117 0.784018
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 111#2] 1103 > 3389 [ACK] Seq=249
Ack=12090 Win=33580 Len=0 SLE=13550 SRE=13690
118 0.787913
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [PSH, ACK] Seq=249 Ack=12090
Win=33580 Len=24
119 0.808513
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [ACK] Seq=273 Ack=13690
Win=31980 Len=0
120 0.808562
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [ACK] Seq=23290 Ack=273
Win=16858 Len=1460
121 0.808574
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [PSH, ACK] Seq=24750 Ack=273
Win=16858 Len=140
122 0.809210
10.0.34.59
10.0.8.61
TCP [TCP Window Update] 1103 > 3389 [ACK]
Seq=273 Ack=13690 Win=33580 Len=0
123 0.814411
10.0.8.65
10.0.8.61 TCP
3389 > 1197 [PSH, ACK] Seq=33733 Ack=311 Win=65043 Len=49
124 0.814426
10.0.8.61
10.0.8.65
TCP 1197 > 3389 [ACK] Seq=311 Ack=33782
Win=17363 Len=0
125 0.819004
10.0.34.59
10.0.8.61 TCP
[TCP Dup ACK 119#2] 1103 > 3389 [ACK] Seq=273 Ack=13690 Win=33580 Len=0
126 0.843185
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 119#3] 1103 > 3389 [ACK]
Seq=273 Ack=13690 Win=33580 Len=0
127 0.843202 10.0.8.61
10.0.34.59
TCP [TCP Retransmission] 3389 > 1103 [ACK]
Seq=13690 Ack=273 Win=16858 Len=1460
128 0.846004
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 119#4] 1103 > 3389 [ACK]
Seq=273 Ack=13690 Win=33580 Len=0 SLE=15150 SRE=15290
129 0.870622
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [ACK] Seq=273 Ack=15290
Win=31980 Len=0
130 0.870653
10.0.8.61
10.0.8.65
TCP 1197 > 3389 [PSH, ACK] Seq=311 Ack=33782
Win=17363 Len=24
131 0.870758
10.0.34.59
10.0.8.61
TCP [TCP Window Update] 1103 > 3389 [ACK]
Seq=273 Ack=15290 Win=33580 Len=0
132 0.872783
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 129#2] 1103 > 3389 [ACK]
Seq=273 Ack=15290 Win=33580 Len=0 SLE=16750 SRE=16890
133 0.872798
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [ACK] Seq=24890 Ack=273
Win=16858 Len=1460
134 0.881773 10.0.8.65 10.0.8.61
TCP 3389 > 1197 [PSH, ACK] Seq=33782 Ack=335
Win=65019 Len=33
135 0.897209
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [ACK] Seq=273 Ack=16890
Win=31980 Len=0
136 0.897946 10.0.34.59 10.0.8.61
TCP [TCP Window Update] 1103 > 3389 [ACK]
Seq=273 Ack=16890 Win=33580 Len=0
137 0.899647
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 135#2] 1103 > 3389 [ACK]
Seq=273 Ack=16890 Win=33580 Len=0 SLE=18350 SRE=18490
138 0.899662
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [PSH, ACK] Seq=26350 Ack=273
Win=16858 Len=1460
139 0.923980
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [ACK] Seq=273 Ack=18490
Win=31980 Len=0
140 0.924661
10.0.34.59
10.0.8.61
TCP [TCP Window Update] 1103 > 3389 [ACK]
Seq=273 Ack=18490 Win=33580 Len=0
141 0.926484
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 139#2] 1103 > 3389 [ACK]
Seq=273 Ack=18490 Win=33580 Len=0 SLE=19950 SRE=20090
142 0.926500
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [PSH, ACK] Seq=27810 Ack=273
Win=16858 Len=1460
143 0.936823
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [PSH, ACK] Seq=273 Ack=18490
Win=33580 Len=24
144 0.950964
10.0.34.59
10.0.8.61
TCP 1103 > 3389 [ACK] Seq=297 Ack=20090
Win=31980 Len=0
145 0.951874
10.0.34.59
10.0.8.61
TCP [TCP Window Update] 1103 > 3389 [ACK]
Seq=297 Ack=20090 Win=33580 Len=0
146 0.953498
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 144#2] 1103 > 3389 [ACK] Seq=297
Ack=20090 Win=33580 Len=0 SLE=21550 SRE=21690
147 0.953513
10.0.8.61
10.0.34.59
TCP 3389 > 1103 [PSH, ACK] Seq=29270 Ack=297
Win=16834 Len=1460
148 0.956559
10.0.34.59
10.0.8.61
TCP [TCP Dup ACK 144#3] 1103 > 3389 [ACK]
Seq=297 Ack=20090 Win=33580 Len=0 SLE=23150 SRE=23290 |
_______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users
- Follow-Ups:
- Re: [Ethereal-users] major slowness using terminal services
- From: Sake Blok
- Re: [Ethereal-users] major slowness using terminal services
- Prev by Date: [Ethereal-users] Re: Dissector based on UDP Src or Dst port to find the direction of packets
- Next by Date: [Ethereal-users] .dmp file format...
- Previous by thread: [Ethereal-users] Re: Dissector based on UDP Src or Dst port to find the direction of packets
- Next by thread: Re: [Ethereal-users] major slowness using terminal services
- Index(es):
