This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

So I have very limited experience with wireshark, but my isp is telling me that my latency issues aren't coming from them and that it's possibly malicious, DoS or DDoS or somesuch. I'm trying to teach myself the basics, and the wiki is a great resource, but I was hoping for some expert opinions. School is pretty hectic atm, so I don't have a lot of time to learn this stuff, though I'm trying. You can download my capture file here, if anyone feels up to it -> http://tinyurl.com/ozptvm5 Already sanitized, I think.

Any pointers on figuring this out for myself if no one feels up to scanning through my cap?

asked 06 Nov '14, 18:55

dewbydo's gravatar image

dewbydo
11113
accept rate: 0%


The only latency issue that I see in the trace is for client port tcp.port eq 58403 where your SYN packet gets dropped and your windows takes 3 seconds for the first retransmission.
All other delays tcp.analysis.ack_rtt ge 0.2 are caused by delayed acknowledgments.

There is a hotfix out there that allows to reduce the minRTO value in Windows: http://support.microsoft.com/kb/2472264

After you install this hotfix, you can configure the following TCP configurations by using the netsh command:

Configuration 1: Initial RTO

netsh interface tcp set global <for help>
netsh interface tcp set global initialRto=<value in msec>
netsh interface tcp show global

Note This command displays the values that are set.

Warning : Setting a low value of Initial RTO could result in failure to connect.


Regards Matthias

permanent link

answered 07 Nov '14, 12:10

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

Thanks, I'll look into this. Any idea what a good iRTO time would be? Or this an experimentation thing?

(07 Nov '14, 16:45) dewbydo

A better - still conservative - iRTO is probably 200 ms. It is a matter of the average RTT of your connections. As they will vary depending on where you are connecting to, there is no 'one size fits all' iRTO though.

(07 Nov '14, 22:43) mrEEde

hey i have the same issue but and worse for me it stems from a video game on ps4 and theses trying to be so slick and constantly guys are trying to hack manipulate and some how mess with my connection i run wire shark and it will say for some reason it shut down my laptop and ps4 all of a sudden sounds like their are working so hard ive been trying get rid of these guys for several months its been so aggravating ive been looking for hackers to get them back but i really just want my connection fixed it always dropps drastically im supposed to get 100 upload and 20 down i only get 10 and under all kinds of errors ive had 7 technitians from my provider switched modems countless times and switched providers and still i could use anyone's help thank you

(08 Nov '14, 10:51) MostUnlikedO...
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×22
×14
×5
×1

question asked: 06 Nov '14, 18:55

question was seen: 1,624 times

last updated: 08 Nov '14, 11:32

p​o​w​e​r​e​d by O​S​Q​A