Hi all, I'm rather new to being able to diagnose problems from tcpdumps so please forgive me. We're getting connectivity issues between two of our sites; a dump of an HTTP trace shows regular TCP retransmissions. What are the next steps to diagnose what's going on, and more importantly how to fix it? Below is a small sample of the trace.

Any help would be greatly appreciated.

asked 01 Apr '11, 03:35 Alan Hollis
2 Answers:
You probably need to describe in more detail what "connectivity issues" you mean. Are you talking about initiating connections, or throughput issues, or timeouts/pauses in your application, or something else? The sample you have given is only for 14ms - a pretty short time period - yet a lot is happening, so it is possibly a fairly fast link. From what we can see, this connection is using SACK (selective acknowledgment) to recover from a lost packet. All this is fairly normal, and possibly the result of congestion.

answered 01 Apr '11, 05:26 martyvis
Thank you very much for your reply. At the time there was only one request coming from my machine to that host. I guess by congestion you mean other machines on the network using that link? The link between the two subnets is a 10 megabyte per second Ethernet link, which shouldn't be congested at all, I don't believe. We have 7 machines in the office and maybe two of them in total SHOULD be communicating with this link at any one time? Would that be something worth investigating?

The problem came to light because every so often a SOAP message we use to determine information about some software is failing, and generating alarms. The trace is of an HTTP request to a webserver sitting on the .2 subnet, if that helps.

Thanks again for your reply, it's very much appreciated.

Alan

answered 01 Apr '11, 06:50 Alan Hollis, edited 01 Apr '11, 07:04
If you can post the actual packet capture somewhere, I'm sure more people can help you. But it looks to me like you have a duplex mismatch. Make sure the switchport and the NICs all match.
Thanks again. The full CSV file is here (http://www.alanhollis.com/work/tcpdump); unfortunately I didn't save the full dump. I'll have a go at looking at all the duplex settings now. Thanks for your reply!
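
Added example, not part of the original thread: one way to follow up on the retransmissions discussed above is to tally Wireshark's loss indicators per direction from a CSV export like the one linked. It assumes Wireshark's default CSV columns and the Info markers written by its TCP analysis; the sample rows and addresses are constructed.

```python
import csv
import io
import re
from collections import Counter

# Markers Wireshark's TCP sequence analysis writes into the Info column.
MARKERS = {
    "retransmission": re.compile(r"\[TCP (?:Fast )?Retransmission\]"),
    "dup_ack": re.compile(r"\[TCP Dup ACK \d+#\d+\]"),
    "out_of_order": re.compile(r"\[TCP Out-Of-Order\]"),
}

# Constructed sample in Wireshark's default CSV export layout (assumption).
SAMPLE = """\
"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.0.2.10","198.51.100.2","HTTP","512","GET /status HTTP/1.1 "
"2","0.001200","198.51.100.2","192.0.2.10","TCP","1514","[TCP segment of a reassembled PDU]"
"3","0.001300","192.0.2.10","198.51.100.2","TCP","54","51000 > 80 [ACK] Seq=459 Ack=1461 Win=65535 Len=0"
"4","0.002500","198.51.100.2","192.0.2.10","TCP","1514","[TCP segment of a reassembled PDU]"
"5","0.002600","192.0.2.10","198.51.100.2","TCP","66","[TCP Dup ACK 3#1] 51000 > 80 [ACK] Seq=459 Ack=1461 Win=65535 Len=0 SLE=2921 SRE=4381"
"6","0.003700","198.51.100.2","192.0.2.10","TCP","1514","[TCP segment of a reassembled PDU]"
"7","0.003800","192.0.2.10","198.51.100.2","TCP","66","[TCP Dup ACK 3#2] 51000 > 80 [ACK] Seq=459 Ack=1461 Win=65535 Len=0 SLE=2921 SRE=5841"
"8","0.005000","198.51.100.2","192.0.2.10","TCP","1514","[TCP Fast Retransmission] 80 > 51000 [ACK] Seq=1461 Ack=459 Win=6432 Len=1460"
"9","0.005100","192.0.2.10","198.51.100.2","TCP","54","51000 > 80 [ACK] Seq=459 Ack=5841 Win=65535 Len=0"
"""


def loss_by_direction(csv_text):
    """Return {(source, destination): Counter} of packets and loss indicators."""
    stats = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        counts = stats.setdefault((row["Source"], row["Destination"]), Counter())
        counts["packets"] += 1
        for name, pattern in MARKERS.items():
            if pattern.search(row["Info"]):
                counts[name] += 1
    return stats


def retransmit_rate(counts):
    """Fraction of packets in one direction flagged as retransmissions."""
    return counts["retransmission"] / counts["packets"] if counts["packets"] else 0.0


if __name__ == "__main__":
    for (src, dst), counts in sorted(loss_by_direction(SAMPLE).items()):
        print(f"{src} -> {dst}: {dict(counts)} rate={retransmit_rate(counts):.2%}")
```

Loss that is concentrated in one direction and grows with load is worth comparing against the interface error counters and duplex settings along that path.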