This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Analysis request - for a server at my University

0

Hello

I have many TCP retransmission errors (over 230 during 46 seconds) on a FTP transfer between my home laptop and a remote FTP server at my University and this issue is going for months without being able to find the cause. On any other server, FTP transfer is going strong, so it is not on my laptop side.

I captured a 15 MB file in .cap format showing what I just described and maybe more. But I am not an expert in packets analysis and I don't know what to do next. That is why I am asking for your help.

If you agree to help, please tell me where to upload the captured file and if there is more info needed, I will try to do my best to answer.

Thank you.

asked 21 Jan '11, 13:50

masster64's gravatar image

masster64
1111
accept rate: 0%

If you see a lot of retrans, it's probably a duplex mismatch on that server. You should ask the ops guys to make sure the duplex settings match. (especially if ftp to other servers are consistently good). IT can be due to small tcp window size, but trace file would be required to analyze it. You can always use box.net to host the files. don't forget to chop it to headers using editcap (editcap -s 96 orig_file.pcap new_file.pcap)

(21 Jan '11, 20:58) hansangb

I guess you're right about small TCP window. here is what TCP parameters are on server now:

« SpeedGuide.net TCP Analyzer Results » Tested on: 01.23.2011 18:12 IP address: 141.85.xxx.xx Client OS: Linux Ubuntu

TCP options string: 020405b40101040201030307 MSS: 1460 MTU: 1500 TCP Window: 5888 (NOT multiple of MSS) RWIN Scaling: 7 bits (2^7=128) Unscaled RWIN : 46 Recommended RWINs: 64240, 128480, 256960, 513920, 1027840 BDP limit (200ms): 236kbps (29KBytes/s) BDP limit (500ms): 94kbps (12KBytes/s) MTU Discovery: ON TTL: 47 Timestamps: OFF SACKs: ON IP ToS: 00000000 (0)

(23 Jan '11, 15:18) masster64

TCP Window: 5888 (NOT multiple of MSS) is waaaay too low for a 100Mbps external bandwith, right ?

1) Is there a software on Linux to calculate optimal TCP parameters ? Like SG TCP Optimizer on Win32 (http://www.speedguide.net/downloads.php)

2) Right now I put the following lines in sysctl.conf, issued a sysctl -p command, but nothing changed after reboot :(

net.core.rmem_default = 256960

net.core.rmem_max = 1027840

net.core.wmem_default = 256960

net.core.wmem_max = 1027840

net.ipv4.tcp_timestamps = 0

net.ipv4.tcp_sack = 1

net.ipv4.tcp_window_scaling = 1

(23 Jan '11, 15:31) masster64

One Answer:

0

If you send the file with YouSendIt or any other file transfer service to my mailbox (see my profile page for the address), I'm more than happy to have a look...

answered 21 Jan '11, 14:14

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

thank you. I've send it by mail, subject "Analysis file from Wireshark forum".

(22 Jan '11, 03:48) masster64

Converted your answer to a comment. See: http://ask.wireshark.org/questions/292/example-of-how-to-use-askwiresharkorg-and-how-not-to

(22 Jan '11, 04:21) SYN-bit ♦♦

Hmmm... I did not receive the file yet, it might be too big for normal mail.

(22 Jan '11, 04:36) SYN-bit ♦♦

I have just tested downloading a big file on server via HTTP. Same issue. So it is not FTP only related. [URL=http://img442.imageshack.us/i/upanddown.jpg/][IMG]http://img442.imageshack.us/img442/4324/upanddown.th.jpg[/IMG][/URL]

(22 Jan '11, 04:41) masster64

I upped it on Megaupload at http://www.megaupload.com/?d=XOLJ929N The above image is at http://img442.imageshack.us/img442/4324/upanddown.jpg

(22 Jan '11, 04:50) masster64

did you get the file ok ?

(25 Jan '11, 03:09) masster64
showing 5 of 6 show 1 more comments