2 of my servers are trying to download a virus signature file from McAfee site and it just kept timing out. I plugged my PC directly to the switch and I was able to download the file without any problem. I am using Wireshark to see what is going on with my servers. I saw [tcp dup ack 674#2] and [tcp zerowindow], and [tcp out-of-order]. I am not familiar with those errors. May be you can tell me the meaning of those errors. Thanks asked 15 Jul '13, 10:51 character9 |
One Answer:
TCP Duplicate acknowledgement is an error recovery behavior w.r.t TCP protocol.TCP Duplicate acknowledgement(from receiver) notifies (to sender) that one or more segments lost during transmission.After this notification sender realizes that there is a loss and tries to retransmit the lost segment. TCP Zero-window indicates that the receiver buffer filled up and doesn't have any space to process the data from sender.This indicates the sender to stall the data transmission until receiver indicates that it got some free buffer to process. TCP Out of Order: Check out the link below http://ask.wireshark.org/questions/1698/tcp-out-of-order-what-does-it-means answered 15 Jul '13, 11:00 krishnayeddula edited 15 Jul '13, 11:01 So is it valid to say that the time out issue is due to the TCP zero-window as the source does not have space to process the downloaded data? Is there any feature or techniques in Wireshark that I can use to pinpoint the issue. Thank you. (15 Jul '13, 17:42) character9 |
is it possible to post the capture files somewhere (google docs, dropbox, etc.)?