What is the best way to filter traffic to see why a pair of servers which are built identical, one of them will cause the network to come to a screeching halt while the other one quietly does its job and works properly? SQL is running on them for an application. I have a capture of both of them, the noisy ones expert info shows ACKed segment that wasn't captured (common at capture start)1026 The transmission window is now completely full 154 TCP 'Previous segment not captured (common at capture start)' There are about 20 connection resets and 18 TCP zero window segment. Thanks in advance asked 01 Jun '15, 10:44  MacBee |
One Answer:
A server that brings "the network to a screeching halt"?! That sounds really strange, because servers should not have that much power over the network performance, and if they do something is really really going wrong. Can you share your captures? Because your symptoms are not really telling much. "Previous segment not captured" could be packet loss, but they can also be dropped packets. Connection resets are normal as well these days and need closer investigation to see if they mean trouble. Zero Window is most interesting, as it points to a performance problem of the server that sends the Window size of zero. Use http://www.cloudshark.org if you can share the capture, if not, see if you can sanitize it with TraceWrangler first. answered 01 Jun '15, 10:52  Jasper ♦♦ |
I ran the tracewrangler on it but the file size is too large according to the cloudshark site..they are 50Megabyte and larger..
B
Okay, then maybe you got access to something like Dropbox that doesn't restrict your file size?
Yes I do, if you send me your email address I will send you a link.
Bee
Okay, send it to jasper [ät] packet-foo.com