Wireshark-users: Re: [Wireshark-users] Possible network latency
From: "Albert Jurado" <ajurado@xxxxxxxxxxxxxxxx>
Date: Thu, 3 Jul 2008 09:54:14 -0400

Thx.

 

One particular capture shows a count of 1534 suspected retransmissions (that number seems high).  When I look at the details I see [TCP Retransmission] Close Response.  The protocol in question is SMB.  The communication is between a workstation and a SQL server.  Not sure what the close response means.  Is this a valid retransmission?  Or is there a preference setting I’m missing?

 

Albert Jurado

Network Manager

First Commercial Insurance Company

2300 W 84 St.

Hialeah, FL 33016

Phone: (305) 820-4848 ex. 1206

Mobile: (305) 873-4400

Email:  ajurado@xxxxxxxxxxxxxxxx

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Visser, Martin
Sent: Thursday, July 03, 2008 12:18 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Possible network latency

 

You won't find an "average re-transmission" statement because there really isn't one. On a well provisioned local area network you could expect it to be zero. On a heavily congested wireless or WAN network it might be 20% before it becomes unworkable.

 

If netstat -s shows retransmission by the client then either the workstation or the LAN should show retransmissions. (The client will retransmit either if it receives duplicate ACKs for segments it has sent or if the retransmission timeout (RTO) the TCP stack calculates has been exceeded before it receives an ACK.)

 

On Wireshark if you select Analyze:Expert Info Composite and Notes tab you will see a TCP retransmission count if you are getting any. You can also just apply the Display Filter "tcp.analysis.retransmission" to see all relevant packets.

 

If you are getting a lot of retransmissions where client and server are on a local switched LAN you may want to look at the physical error counts on your switches - and look for physical layer issues.

 

Regards, Martin

Martin Visser

Technology Consultant
Technology Solutions Group


Hewlett-Packard
410 Concord Road
Rhodes NSW  2138
Australia

Mobile: +61-411-254-513
Fax: +61-2-9022-1800    
E-mail: martin.visserAThp.com

This email (including any attachments) is intended only for the use of the individual or entity named above and may contain information that is confidential, proprietary or privileged. If you are not the intended recipient, please notify HP immediately by return email and then delete the email, destroy any printed copy and do not disclose or use the information in it.

 

 

 


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Albert Jurado
Sent: Thursday, 3 July 2008 12:40 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Possible network latency

I’m in the midst of troubleshooting possible high network re-transmissions.  I’m basically attempting to capture enough data to prove that the network is not the bottleneck.  I have complaints from users that their systems are slow but it seems that the application they are using is the bottleneck.  We have several in-house developed applications that the end users use that communicate with a SQL server.  They also browse the internet frequently.  I’ve been looking for articles that describe what the average re-transmission rate is for a standard TCP/IP networked workstation but I could not find any.  I’ve attempted a simple test like running the trouble application and then performing a simple copy & paste (of a 1gb file) from a file server to the workstation’s desktop while pinging the SQL server at the same time and I did not see the time change from <1ms.  The application ran slow.  Plus the file copied over without any issue.

 

A brief description of the network is as follows.  We have 5 floors with each floor having a wiring closet.  In each closet we have a Cisco 3750 cluster of switches.  Each floor has fiber running down to the core switch on the 2nd floor.

 

The reason we suspect re-transmission is because some workstations show a high “segments retransmitted” when you run netstat -s.  If I run Wireshark on the suspect workstations what should I be looking for in the capture?  Will I capture re-transmission that corresponds to the netstat -s output?

 

Thx.

 

 

Albert
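
Added example (not part of the thread and not taken from Wireshark's source): per-direction retransmission rates computed from TCP segment records, so that a raw retransmission count like the ones discussed above can be read against the total number of data segments. The segment list, addresses and the function name are constructed for illustration, and the detection rule is a simplified assumption, not Wireshark's tcp.analysis heuristic.

```python
from collections import defaultdict

# Constructed sample: (time_s, src, dst, seq, payload_len). All values invented.
CLIENT, SERVER = "10.0.0.5:49152", "10.0.0.9:445"
SEGMENTS = [
    (0.000, CLIENT, SERVER, 1,    1460),
    (0.001, CLIENT, SERVER, 1461, 1460),
    (0.002, SERVER, CLIENT, 1,    120),
    (0.210, CLIENT, SERVER, 1461, 1460),  # same bytes sent again
    (0.211, CLIENT, SERVER, 2921, 500),
    (0.212, SERVER, CLIENT, 121,  0),     # pure ACK, carries no data
    (0.500, SERVER, CLIENT, 1,    120),   # same bytes sent again
    (0.501, SERVER, CLIENT, 121,  80),
]

def retransmission_stats(segments):
    """Return {(src, dst): (data_segments, retransmitted, rate)} per direction.

    Assumed rule: a data segment counts as retransmitted when all of its bytes
    lie at or below the highest sequence number already seen in that
    direction. This ignores sequence wraparound, keep-alives and reordering,
    so a reordered segment would be counted too.
    """
    highest_end = {}                       # per direction: next expected seq
    counts = defaultdict(lambda: [0, 0])   # per direction: [data, retransmitted]
    for _time, src, dst, seq, length in sorted(segments):
        if length == 0:
            continue                       # ACK-only segments are not data
        key = (src, dst)
        end = seq + length
        counts[key][0] += 1
        if key in highest_end and end <= highest_end[key]:
            counts[key][1] += 1
        highest_end[key] = max(highest_end.get(key, 0), end)
    return {k: (n, r, r / n) for k, (n, r) in counts.items()}

if __name__ == "__main__":
    for (src, dst), (n, r, rate) in retransmission_stats(SEGMENTS).items():
        print(f"{src} -> {dst}: {r}/{n} data segments retransmitted ({rate:.1%})")
```

Splitting the result by direction shows which side is resending, which is what a workstation's netstat -s counter would be compared against.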