Wireshark-users: Re: [Wireshark-users] TCP retransmissions from Windows file server
Hello Hans
1st I would confirm that the retransmission are real problems. (you
say you have slowness so likely they are but best to check). Run
netstat /s on the servers of interest twice with a time interval
between to calculate the differnce in the stats reported. You'll also
be able to see if the server is discarding packets.
2nd check how you have your span port on your cisco switch setup. If
you have a server with retransmissions, span only the physical port
and see if you still have retransmissions.
3rd capture the packets and see what is marked as retransmitted
packets by wireshark to identify the cause of these packets.
Wiresharks will only mark retransmissions on packets with data in
them. also you need to look at tcp-analysis filters 'retransmission',
'fast tranmission' and 'out of order' as these are all definitions of
potential retransmissions. Some causes for retransmisions that are
not infrastructure related can be protocol related,eg DCERPC messages
between servers to sort out communication encryption options when you
don't use it, messages are repeated and marked as retransmissions. If
you have devices that take longer than 200ms to reply, the sender
assumes a lost packet and resends the original.
4th Different topic. slow servers. Identify the application/task that
is slow, capture the packets and use the netstats /s (see if server is
discarding packets). also look at the cisco port stats (see if switch
has interface problem or handshaking options with server causing
issues). Remember you need to check both ends of a conversation with
retransmissions. If the conversation is one packet one way and then
one back most of the time you won't get good performance (not good
network app), if the data transfered in a packet is in small packets
all the time you alos won't get good performance (unless app has
little data to transfer of course). Not the whole story as that would
need a book, but I hope this may help you on your way.
Kind regards
Andrew
On Thu, 19 Feb 2009 15:50:29 +0100
"Hans van Staveren" <sater@xxxxxxxxx> wrote:
While figuring out the (slightly disappointing) performance from
some
Windows file servers in a corporate environment I found some TCP
retransmissons using wireshark. Looking at the 'netstat -s -p tcp'
output
from the servers themselves I found a TCP segment retransmission
rate of
about 1%. My feeling is that this is a lot, given the fact that the
whole
network consists of three Cisco switches and two pieces of fiber.
1) Is my gut feeling right about 1% retransmissions being a lot in
this
environment?
2) The server guys told me they were using the HP teams driver on
the
servers, and that they heard that this would be a problem with Cisco
switches. This does not ring any bell with me.
Any help appreciated.
Hans
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe