This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Lag network http/https?

-1

Hi, I was wondering if someone could assist me? So for the past month I could not decipher the issue that I'm having. I'm currently running pfSense with OpenVPN, squid3, squidguard, Ntopng, Sarg, lightsquid, and WPAD. The internet service has 28mbps down and 15mbps up with ping 31ms.

Many users have been complaining for the past weeks about slow, laggy internet. I really did not notice until I tried navigating a few sites and all of a sudden it would not load the website; it would take maybe around 5 seconds, which is not much but is not very acceptable when you have 28mbps. I want to first check if there is something wrong with the settings of Squid before seeing if there's an issue with the cables or the switches. All the users are forcefully navigating through WPAD because I blocked them on ports 443-80, without transparent proxy. See pictures.

Also, we have a SQL database (virtual machine) which users go to in the browser (192.168.1.206) to report information (MRP), but when they are going to report it, it gets stuck showing as 0 (packet loss, not sending to the server 192.168.1.206), or at times they say it won't load the webpage (192.168.1.206). So I'm not sure if it's the proxy itself or the WPAD or the switches?

The VLAN that I created for the devices is on 192.168.40.0/24. These devices' only purpose is to connect to 192.168.1.206 (via browser). I did this because I was thinking of ARP congestion, but they're still complaining about it. And for the rest of the LAN, 192.168.1.0/24, they mostly go to websites and at times there is lag.

So then I had to check with Wireshark. The packet capture was run from pfSense (around 5 mins), which I then downloaded to see what was going on. I then realized that there were massive amounts of TCP retransmissions and 2 TCP zero windows (thinking it might be the network card of pfSense). Now what I can't determine is whether it is the switch itself or the server. At one point I thought it was the DNS, but I saw that most DNS requests were less than 150ms.

Packet Capture (sorry it’s a tad bit heavy 136mb): https://mega.nz/#!RsAh1CKA!gxYChuCWavhXIe-C9oBD50SLuq7XGscR4tm0MRJhb_I

Pictures: http://postimg.org/gallery/2g022j18m/

Thank you

asked 07 Sep '16, 17:53

killmasta93