Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] [TCP segment of a reassembled PDU] question...
From: Gergely Bacskó <gergely.bacsko@xxxxxxxxxxx>
Date: Sun, 04 Jan 2009 21:15:19 +0100
JV, Abhik I found the following, hope that helps:(I used this filter because I assume this is between host and the appropriate server: ip.addr==10.200.50.111 && ip.addr==208.109.181.58 )
I think the server is not slow, because in packet 7-8-9-10 (use my filter) the IP IDs are 13908 13909 13910 13911 so I think that means that the server in not busy, because it is sending you continuous IP IDs. If the server would have been busy (eg serving other clients at the same time) IP IDs would have been like 13908-14258-15689-16898...
TCP receive window size is also OK. Maybe need some Apache fine-tuning ??? g On 2009.01.04. 19:54, Abhik Sarkar wrote:
Regarding your question on [TCP segment of a reassembled PDU], please see the following links: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvReassemblySection.html http://wiki.wireshark.org/TCP_Reassembly Any information in the packet details pane which is enclosed in brackets ([...]) is usually Wireshark generated information. Regarding the slow response, perhaps the server was really busy, but maybe someone is able to provide a better explanation. HTH Abhik. On Sun, Jan 4, 2009 at 8:30 PM, Jorge L. Vazquez<jlvazquez825@xxxxxxxxx> wrote:ok guys I've been getting lots of [TCP segment of a reassembled PDU] when trying to access my website, I fired up wireshark when noticed that it took a long time for my website to load, and after capturing for a while I noticed that after the 3 way handshake and the initial GET request issued by the browser the web server took 17 seconds to responds, as you can see in the attached capture file, and after that time the server started to respond with [TCP segment of a reassembled PDU], and this only happened with this particular website, as I tried other and they loaded just find, anyway what exactly this [TCP segment of a reassembled PDU] means or when something like this happen?... I google for this and all I found was users modifying the settings for the PDU on the registry... in my case I'm using a Linux machine although I tried from a windows box with the same results. any comments welcome! thanks -JV blog:http://pctechtips.org ___________________________________________________________________________ Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- Follow-Ups:
- References:
- [Wireshark-users] [TCP segment of a reassembled PDU] question...
- From: Jorge L. Vazquez
- Re: [Wireshark-users] [TCP segment of a reassembled PDU] question...
- From: Abhik Sarkar
- [Wireshark-users] [TCP segment of a reassembled PDU] question...
- Prev by Date: Re: [Wireshark-users] [TCP segment of a reassembled PDU] question...
- Next by Date: Re: [Wireshark-users] [TCP segment of a reassembled PDU] question...
- Previous by thread: Re: [Wireshark-users] [TCP segment of a reassembled PDU] question...
- Next by thread: Re: [Wireshark-users] [TCP segment of a reassembled PDU] question...
- Index(es):