This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Latency issues, ISP says possibly a malicious source and to download Wireshark and take a look at my traffic. Any help on looking?

0

So I have very limited experience with Wireshark, but my ISP is telling me that my latency issues aren't coming from them and that it's possibly malicious, DoS or DDoS or somesuch. I'm trying to teach myself the basics, and the wiki is a great resource, but I was hoping for some expert opinions. School is pretty hectic atm, so I don't have a lot of time to learn this stuff, though I'm trying. You can download my capture file here, if anyone feels up to it -> http://tinyurl.com/ozptvm5 Already sanitized, I think.

Any pointers on figuring this out for myself if no one feels up to scanning through my cap?

asked 06 Nov '14, 18:55

dewbydo
11113
accept rate: 0%


One Answer:

1

The only latency issue that I see in the trace is for client port tcp.port eq 58403, where your SYN packet gets dropped and your Windows takes 3 seconds for the first retransmission.
All other delays (tcp.analysis.ack_rtt ge 0.2) are caused by delayed acknowledgments.

There is a hotfix out there that allows you to reduce the minRTO value in Windows: http://support.microsoft.com/kb/2472264

After you install this hotfix, you can configure the following TCP configurations by using the netsh command:

Configuration 1: Initial RTO

netsh interface tcp set global <for help>
netsh interface tcp set global initialRto=<value in msec>
netsh interface tcp show global

Note: This command displays the values that are set.

Warning: Setting a low value of Initial RTO could result in failure to connect.


Regards Matthias

answered 07 Nov ‘14, 12:10

mrEEde
3.9k152270
accept rate: 20%
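
As an added illustration (not part of the original answer), the Python sketch below takes the SYN retransmission the answer describes and measures it from a tshark field export: the gap before each retransmitted SYN, alongside every connection's SYN to SYN/ACK round-trip time for comparison. The sample rows, the IP addresses and the tshark invocation in the comment are constructed assumptions; only client port 58403 comes from the thread.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed sample rows, tab-separated, in the column order of this
# assumed export command (not taken from the thread):
#   tshark -r capture.pcap -Y tcp -T fields -e frame.time_relative \
#          -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.flags
SAMPLE = """\
0.000000\t192.0.2.10\t58403\t198.51.100.7\t443\t0x0002
0.510000\t192.0.2.10\t58404\t198.51.100.7\t443\t0x0002
0.545000\t198.51.100.7\t443\t192.0.2.10\t58404\t0x0012
3.001000\t192.0.2.10\t58403\t198.51.100.7\t443\t0x0002
3.037000\t198.51.100.7\t443\t192.0.2.10\t58403\t0x0012
"""

def analyze_handshakes(text):
    """Return (retransmits, rtts).

    retransmits: list of (client_port, seconds since the previous SYN)
    rtts:        {client_port: seconds from the last SYN to the first SYN/ACK}
    """
    syn_times = defaultdict(list)  # (client, cport, server, sport) -> SYN times
    retransmits, rtts = [], {}
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, sport, dst, dport, flags = line.split("\t")
        t, flags = float(t), int(flags, 16)
        sport, dport = int(sport), int(dport)
        if flags & SYN and not flags & ACK:      # client SYN
            key = (src, sport, dst, dport)
            # A second SYN on the same 4-tuple is treated as a retransmission.
            # Caveat: a port reused for a new connection would be miscounted.
            if syn_times[key]:
                retransmits.append((sport, round(t - syn_times[key][-1], 3)))
            syn_times[key].append(t)
        elif flags & SYN and flags & ACK:        # server SYN/ACK
            key = (dst, dport, src, sport)
            if syn_times[key] and dport not in rtts:
                rtts[dport] = round(t - syn_times[key][-1], 3)
    return retransmits, rtts

if __name__ == "__main__":
    retx, rtts = analyze_handshakes(SAMPLE)
    for port, gap in retx:
        print(f"port {port}: SYN retransmitted after {gap:.3f} s")
    for port, rtt in sorted(rtts.items()):
        print(f"port {port}: handshake RTT {rtt * 1000:.0f} ms")
```

A retransmission gap close to 3 seconds next to handshake RTTs in the tens of milliseconds points at the initial retransmission timer, not the path, as the source of the delay.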

Thanks, I'll look into this. Any idea what a good iRTO time would be? Or is this an experimentation thing?

(07 Nov ‘14, 16:45) dewbydo

A better - still conservative - iRTO is probably 200 ms. It is a matter of the average RTT of your connections. As they will vary depending on where you are connecting to, there is no ‘one size fits all’ iRTO though.

(07 Nov ‘14, 22:43) mrEEde

Hey, I have the same issue, but worse. For me it stems from a video game on PS4, and these guys, trying to be so slick, are constantly trying to hack, manipulate and somehow mess with my connection. I run Wireshark and it will say, for some reason, it shut down my laptop and PS4 all of a sudden. Sounds like they are working so hard. I've been trying to get rid of these guys for several months; it's been so aggravating. I've been looking for hackers to get them back, but I really just want my connection fixed. It always drops drastically: I'm supposed to get 100 upload and 20 down, I only get 10 and under, with all kinds of errors. I've had 7 technicians from my provider, switched modems countless times and switched providers, and still. I could use anyone's help, thank you.

(08 Nov '14, 10:51) MostUnlikedO...