Wireshark-users: Re: [Wireshark-users] newbie question
From: Tim Takata <tim.takata@xxxxxxxxx>
Date: Thu, 25 Feb 2010 15:27:22 -0800
and oh if you haven't already and your devices allow tracert, try
running a trace route to see if there are any devices in route with a
higher response
time, could help id the bottle neck if its not your web server. cheers, tim On 2/25/2010 1:54 PM, Tony Manetta wrote:
lets try that again...here are the frames No. Time Source Destination Protocol Info 248 14.550042 192.168.1.44 24.92.226.11 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] Frame 248 (1078 bytes on wire, 1078 bytes captured) Ethernet II, Src: Sony_d9:95:99 (00:1a:80:d9:95:99), Dst: Cisco_d0:4f:11 (00:24:14:d0:4f:11) Internet Protocol, Src: 192.168.1.44 (192.168.1.44), Dst: 24.92.226.11 (24.92.226.11) Transmission Control Protocol, Src Port: 50748 (50748), Dst Port: http (80), Seq: 190, Ack: 26, Len: 1024 Source port: 50748 (50748) Destination port: http (80) [Stream index: 8] Sequence number: 190 (relative sequence number) [Next sequence number: 1214 (relative sequence number)] Acknowledgement number: 26 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) Window size: 16688 Checksum: 0x4ef6 [validation disabled] [SEQ/ACK analysis] [Number of bytes in flight: 1024] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [Expert Info (Note/Sequence): Retransmission (suspected)] [Message: Retransmission (suspected)] [Severity level: Note] [Group: Sequence] [The RTO for this segment was: 0.294203000 seconds] [RTO based on delta from frame: 246] [Reassembled PDU in frame: 246] TCP segment data (1024 bytes) No. Time Source Destination Protocol Info 249 14.550713 24.92.226.11 192.168.1.44 HTTP [TCP Retransmission] HTTP/1.1 100 Continue Frame 249 (79 bytes on wire, 79 bytes captured) Ethernet II, Src: Cisco_d0:4f:11 (00:24:14:d0:4f:11), Dst: Sony_d9:95:99 (00:1a:80:d9:95:99) Internet Protocol, Src: 24.92.226.11 (24.92.226.11), Dst: 192.168.1.44 (192.168.1.44) Transmission Control Protocol, Src Port: http (80), Dst Port: 50748 (50748), Seq: 1, Ack: 190, Len: 25 Source port: http (80) Destination port: 50748 (50748) [Stream index: 8] Sequence number: 1 (relative sequence number) [Next sequence number: 26 (relative sequence number)] Acknowledgement number: 190 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) Window size: 260 Checksum: 0x53fb [validation disabled] [SEQ/ACK analysis] [Number of bytes in flight: 25] [TCP Analysis Flags] [This frame is a (suspected) retransmission] [Expert Info (Note/Sequence): Retransmission (suspected)] [Message: Retransmission (suspected)] [Severity level: Note] [Group: Sequence] [The RTO for this segment was: 0.294992000 seconds] [RTO based on delta from frame: 245] Hypertext Transfer Protocol HTTP/1.1 100 Continue\r\n [Expert Info (Chat/Sequence): HTTP/1.1 100 Continue\r\n] [Message: HTTP/1.1 100 Continue\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Response Code: 100 \r\n No. Time Source Destination Protocol Info 250 14.550738 192.168.1.44 24.92.226.11 TCP [TCP Dup ACK 248#1] 50748> http [ACK] Seq=1214 Ack=26 Win=16688 Len=0 SLE=1 SRE=26 Frame 250 (66 bytes on wire, 66 bytes captured) Ethernet II, Src: Sony_d9:95:99 (00:1a:80:d9:95:99), Dst: Cisco_d0:4f:11 (00:24:14:d0:4f:11) Internet Protocol, Src: 192.168.1.44 (192.168.1.44), Dst: 24.92.226.11 (24.92.226.11) Transmission Control Protocol, Src Port: 50748 (50748), Dst Port: http (80), Seq: 1214, Ack: 26, Len: 0 Source port: 50748 (50748) Destination port: http (80) [Stream index: 8] Sequence number: 1214 (relative sequence number) Acknowledgement number: 26 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) Window size: 16688 Checksum: 0x1126 [validation disabled] Options: (12 bytes) [SEQ/ACK analysis] [This is an ACK to the segment in frame: 249] [The RTT to ACK the segment was: 0.000025000 seconds] [TCP Analysis Flags] [This is a TCP duplicate ack] [Duplicate ACK #: 1] [Duplicate to the ACK in frame: 248] [Expert Info (Note/Sequence): Duplicate ACK (#1)] [Message: Duplicate ACK (#1)] [Severity level: Note] [Group: Sequence] __________________________________________________________________ Tony Manetta, MBA, MCP Supervisor of Networking Technology and Services UDSMR 716-817-7850 (office) 716-479-6258 (mobile) On 2/25/2010 4:54 PM, Tony Manetta wrote:Hi just tried using wireshark to see if a network issue is causing sever slowness when logging into a web server....i'm having issues understanding the output of the trace...can anyone help? when i login locally, the login time is approximately 4 seconds but when i login across the web, it's over 25 seconds which is unacceptable. if this isnt appropriate use of this list, i apologize in advance....below are 3 frames which first start showing up as issues in my capture...any ideas are greatly appreciated....___________________________________________________________________________ Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- [Wireshark-users] newbie question
- From: Tony Manetta
- Re: [Wireshark-users] newbie question
- From: Tony Manetta
- [Wireshark-users] newbie question
- Prev by Date: Re: [Wireshark-users] newbie question
- Next by Date: [Wireshark-users] TCP Dup Ack Issues with Comcast vs. Cablevision
- Previous by thread: Re: [Wireshark-users] newbie question
- Next by thread: [Wireshark-users] TCP Dup Ack Issues with Comcast vs. Cablevision
- Index(es):