Dotan Shavit wrote:
> Some lines are missing (e.g. 29, 30) so we can't tell if your machine is > ACKing the received packets. Is it? > Missing packages are of different IP. > Does ethereal give more info about the "red lines"? > All red lines have bad checksum errors. (took me a while to figure out how to get details). Hare is an example: Transmission Control Protocol, Src Port: http (80), Dst Port: 60098 (60098), Seq: 1, Ack: 223, Len: 1360 Source port: http (80) Destination port: 60098 (60098) Sequence number: 1 (relative sequence number) Next sequence number: 1361 (relative sequence number) Acknowledgement number: 223 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xbb79 [incorrect, should be 0x62dd (maybe caused by "TCP checksum offload"?)] Good Checksum: False Bad Checksum: True Options: (12 bytes) NOP NOP Timestamps: TSval 5740292, TSecr 3347878 SEQ/ACK analysis TCP Analysis Flags The RTO for this segment was: 2.992574000 seconds RTO based on delta from frame: 27 > # > > On Wednesday 16 January 2008, David Harel wrote: > >> Dotan Shavit wrote: >> >>> On Tuesday 15 January 2008, David Harel wrote: >>> >>>> Tried to use pastebin.com but the file is binary. Any suggestion? >>>> >>> Open the file with ethereal (AKA wireshark) and look for the following >>> packets: >>> 1. DNS query >>> 2. DNS reply >>> 3. SYN >>> 4. SYN ACK (probably missing) >>> >>> Which packets are missing? >>> >> After initiating the request (DNS OK, Some lines are in red on black and >> have some red lines in the description): >> 20 3.636778 192.168.1.5 213.8.106.67 TCP 60098 > http >> [SYN] Seq=0 Win=5648 Len=0 MSS=1412 TSV=3347876 TSER=0 WS=2 >> 21 3.654125 213.8.106.67 192.168.1.5 TCP http > 60098 >> [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1360 WS=0 TSV=0 TSER=023 >> 3.656709 192.168.1.5 213.8.106.67 HTTP GET / HTTP/1.0 >> 22 3.654141 192.168.1.5 213.8.106.67 TCP 60098 > http >> [ACK] Seq=1 Ack=1 Win=5648 Len=0 TSV=3347877 TSER=0 >> 23 3.656709 192.168.1.5 213.8.106.67 HTTP GET / HTTP/1.0 >> 24 3.709561 213.8.106.67 192.168.1.5 IP Fragmented IP >> protocol (proto=TCP 0x06, off=0) [Reassembled in #25] >> 25 3.710717 213.8.106.67 192.168.1.5 HTTP HTTP/1.1 200 OK >> (text/html) >> 26 3.716829 213.8.106.67 192.168.1.5 IP Fragmented IP >> protocol (proto=TCP 0x06, off=0) [Reassembled in #27] >> 27 3.717623 213.8.106.67 192.168.1.5 HTTP Continuation or >> non-HTTP traffic >> 28 3.724516 213.8.106.67 192.168.1.5 TCP [TCP Dup ACK >> 27#1] http > 60098 [ACK] Seq=2721 Ack=223 Win=65535 Len=0 TSV=5734292 >> TSER=3347878 >> 31 4.710162 213.8.106.67 192.168.1.5 IP Fragmented IP >> protocol (proto=TCP 0x06, off=0) [Reassembled in #32] >> 32 4.710727 213.8.106.67 192.168.1.5 HTTP [TCP >> Retransmission] HTTP/1.1 200 OK (text/html) >> 36 6.709628 213.8.106.67 192.168.1.5 IP Fragmented IP >> protocol (proto=TCP 0x06, off=0) [Reassembled in #37] >> 37 6.710197 213.8.106.67 192.168.1.5 HTTP [TCP >> Retransmission] HTTP/1.1 200 OK (text/html) >> >> Last retransmit and ip fragmented lines reappear many times. >> >> >>> # >>> >>> >>>>> Let's try to debug this. >>>>> >>>>> Shachar >>>>> > > > > -- Regards. David Harel, ================================== Home office +972 77 7657645 Fax: +972 77 7657645 Cellular: +972 54 4534502 Snail Mail: Amuka D.N Merom Hagalil 13802 Israel Email: [EMAIL PROTECTED]