Hello Wireshark Gurus,
I am having a problem where file transfers between two Windows server machines are failing midway sometimes when the file exceeds 1/2Gb in size. I have attached a link that points to the pcap: https://dl.dropboxusercontent.com/u/11187256/172.26.44.18.pcapng
Source is 192.168.141.131, dst is 172.26.44.18.
I am seeing errors at the end of the file, and trying to explain to Microsoft has gotten me nowhere. Can you please take a look and assist if you can?
asked 09 Jun '14, 14:02 Sigma55
edited 11 Jun '14, 04:47 grahamb ♦
One Answer:
Looks to me like 192.168.141.131 stops sending data in the middle of a 61440 byte sized data chunk. Since the other PC with IP 172.26.44.18 does not receive any further data it resets the session in packet 282192, after close to 30 seconds of "silence" - probably a timeout. Next step: capture next to 192.168.141.131 to find out if it really stops sending or if the packets just do not make it through anymore. Two tips here:
answered 09 Jun '14, 14:31 Jasper ♦♦
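The pattern described in the answer above (one side stops sending payload, the peer resets the session after a long silence) can be checked mechanically over exported packet records. This is an added example, not part of the original thread: the record layout, ports, timestamps and all frame numbers except 282192 are constructed, and the 10-second threshold is an assumption.

```python
from collections import namedtuple

# One record per TCP segment; "length" is the TCP payload size in bytes.
Pkt = namedtuple("Pkt", "frame time src sport dst dport length flags")

def find_stalled_resets(packets, min_gap=10.0):
    """Report every RST that arrives after >= min_gap seconds without
    any payload in the same conversation (pure ACKs do not count)."""
    last_data = {}  # conversation key -> last segment that carried payload
    findings = []
    for p in sorted(packets, key=lambda p: p.time):
        key = frozenset(((p.src, p.sport), (p.dst, p.dport)))
        if "R" in p.flags:
            prev = last_data.get(key)
            if prev is not None and p.time - prev.time >= min_gap:
                findings.append({
                    "rst_frame": p.frame,
                    "rst_sender": p.src,
                    "last_data_frame": prev.frame,
                    "last_data_sender": prev.src,
                    "silence_s": round(p.time - prev.time, 3),
                })
        elif p.length > 0:
            last_data[key] = p
    return findings

# Constructed sample. The two server addresses and frame 282192 come from
# the thread; 10.0.0.5/10.0.0.6 are a made-up second conversation that is
# reset right after data and must not be reported.
A, B = "192.168.141.131", "172.26.44.18"
SAMPLE = [
    Pkt(282100, 100.0, A, 49200, B, 445, 1460, "A"),
    Pkt(282101, 100.5, A, 49200, B, 445, 1460, "PA"),
    Pkt(282102, 100.6, B, 445, A, 49200, 0, "A"),      # ACK only
    Pkt(282150, 110.0, "10.0.0.5", 50000, "10.0.0.6", 80, 200, "PA"),
    Pkt(282151, 110.1, "10.0.0.6", 80, "10.0.0.5", 50000, 0, "R"),
    Pkt(282192, 130.0, B, 445, A, 49200, 0, "RA"),     # reset after silence
]

if __name__ == "__main__":
    for f in find_stalled_resets(SAMPLE):
        print(f)
```

A finding only shows what the capture point saw; as the answer says, a second capture next to the sender is needed to tell whether it really stopped sending or the packets were lost on the way.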
Thank you for your quick response.
I have read the article and it sheds some light on why you shouldn't do it. Should I instead do the capture on a system connected to the same network off a switchport?
I will also look into limiting the size of the capture as you mentioned.
Feedback to follow.
Joe
Yes, capturing on an additional system connected to a SPAN port would help avoid those problems. Of course that requires that the switch can do SPAN ports.
OK. Did some more testing. Turns out that server is the only server that has problems copying the files. All the other servers can copy the files without error on the same network. I will use the SPAN port to monitor further, but it seems to be a software problem.
Thank you very much for your time sir.