Dotan Shavit wrote:
> Some lines are missing (e.g. 29, 30) so we can't tell if your machine is
> ACKing the received packets. Is it?
>
Missing packages are of different IP.
> Does ethereal give more info about the "red lines"?
>
All red lines have bad checksum errors. (took me a while to figure out
how to get details). Hare is an example:
Transmission Control Protocol, Src Port: http (80), Dst Port: 60098
(60098), Seq: 1, Ack: 223, Len: 1360
Source port: http (80)
Destination port: 60098 (60098)
Sequence number: 1 (relative sequence number)
Next sequence number: 1361 (relative sequence number)
Acknowledgement number: 223 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xbb79 [incorrect, should be 0x62dd (maybe caused by "TCP
checksum offload"?)]
Good Checksum: False
Bad Checksum: True
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 5740292, TSecr 3347878
SEQ/ACK analysis
TCP Analysis Flags
The RTO for this segment was: 2.992574000 seconds
RTO based on delta from frame: 27
> #
>
> On Wednesday 16 January 2008, David Harel wrote:
>
>> Dotan Shavit wrote:
>>
>>> On Tuesday 15 January 2008, David Harel wrote:
>>>
>>>> Tried to use pastebin.com but the file is binary. Any suggestion?
>>>>
>>> Open the file with ethereal (AKA wireshark) and look for the following
>>> packets:
>>> 1. DNS query
>>> 2. DNS reply
>>> 3. SYN
>>> 4. SYN ACK (probably missing)
>>>
>>> Which packets are missing?
>>>
>> After initiating the request (DNS OK, Some lines are in red on black and
>> have some red lines in the description):
>> 20 3.636778 192.168.1.5 213.8.106.67 TCP 60098 > http
>> [SYN] Seq=0 Win=5648 Len=0 MSS=1412 TSV=3347876 TSER=0 WS=2
>> 21 3.654125 213.8.106.67 192.168.1.5 TCP http > 60098
>> [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1360 WS=0 TSV=0 TSER=023
>> 3.656709 192.168.1.5 213.8.106.67 HTTP GET / HTTP/1.0
>> 22 3.654141 192.168.1.5 213.8.106.67 TCP 60098 > http
>> [ACK] Seq=1 Ack=1 Win=5648 Len=0 TSV=3347877 TSER=0
>> 23 3.656709 192.168.1.5 213.8.106.67 HTTP GET / HTTP/1.0
>> 24 3.709561 213.8.106.67 192.168.1.5 IP Fragmented IP
>> protocol (proto=TCP 0x06, off=0) [Reassembled in #25]
>> 25 3.710717 213.8.106.67 192.168.1.5 HTTP HTTP/1.1 200 OK
>> (text/html)
>> 26 3.716829 213.8.106.67 192.168.1.5 IP Fragmented IP
>> protocol (proto=TCP 0x06, off=0) [Reassembled in #27]
>> 27 3.717623 213.8.106.67 192.168.1.5 HTTP Continuation or
>> non-HTTP traffic
>> 28 3.724516 213.8.106.67 192.168.1.5 TCP [TCP Dup ACK
>> 27#1] http > 60098 [ACK] Seq=2721 Ack=223 Win=65535 Len=0 TSV=5734292
>> TSER=3347878
>> 31 4.710162 213.8.106.67 192.168.1.5 IP Fragmented IP
>> protocol (proto=TCP 0x06, off=0) [Reassembled in #32]
>> 32 4.710727 213.8.106.67 192.168.1.5 HTTP [TCP
>> Retransmission] HTTP/1.1 200 OK (text/html)
>> 36 6.709628 213.8.106.67 192.168.1.5 IP Fragmented IP
>> protocol (proto=TCP 0x06, off=0) [Reassembled in #37]
>> 37 6.710197 213.8.106.67 192.168.1.5 HTTP [TCP
>> Retransmission] HTTP/1.1 200 OK (text/html)
>>
>> Last retransmit and ip fragmented lines reappear many times.
>>
>>
>>> #
>>>
>>>
>>>>> Let's try to debug this.
>>>>>
>>>>> Shachar
>>>>>
>
>
>
>
--
Regards.
David Harel,
==================================
Home office +972 77 7657645
Fax: +972 77 7657645
Cellular: +972 54 4534502
Snail Mail: Amuka
D.N Merom Hagalil
13802
Israel
Email: [EMAIL PROTECTED]
