Wireshark-users: Re: [Wireshark-users] Intermittant trouble getting to internet

From: "Sheahan, John" <John.Sheahan@xxxxxxxxxxxxx>
Date: Fri, 6 Nov 2009 16:15:41 -0500
That is really helpful information, Olivier... and when I saved the text and put it in a .html file, it showed the exact home page for yahoo.com with yesterday's date... I was impressed.

Here's one more question:

I noticed that the trace I posted yesterday showed the end user's machine talking to the proxy using HTTP 1.1.

Today, using the same browser (IE 7) from my machine, I did a capture through the same proxy server and loaded www.yahoo.com.  The interesting thing was that my machine only used HTTP 1.0.

I checked my browser's advanced settings and confirmed that it was configured to use HTTP 1.1 whenever possible.

Can anyone explain why some machines going through the proxy use HTTP 1.1 to yahoo and others use HTTP 1.0?

Thanks

John

 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wsgd
Sent: Friday, November 06, 2009 2:57 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Intermittant trouble getting to internet

Hello,

"TCP segments of a reassembled PDU" means:
the current packet is ONLY a part of a PDU (or message or HTTP request 
or HTTP answer or ...)

In Wireshark, the complete PDU (or message or ...) is displayed on the 
last packet of the PDU.
And the protocol (in this case HTTP) is displayed ONLY on the last 
packet of the PDU.

So, in your case, all "TCP segments of a reassembled PDU" packets are 
all part of 1 HTTP answer.

So here you have:
- 105 packets TCP / "TCP segments of a reassembled PDU" / TCP Len: 1460
- 1 last packet HTTP / "HTTP/1.0 200 OK\r\n" / TCP Len: 445
which gives a total length of 153745 bytes
which seems a quite big html page to me (but why not).

I do not see any problem from a network point of view.

Select the "HTTP/1.0 200 OK\r\n" packet,
right click on "Line-based text data: text/html",
click on copy / Bytes (Printable text only).
Ctrl+V into notepad.
Save it as <any_name>.html.
This is the html page to display.
Which seems a valid html page.



Olivier


Sheahan, John wrote:
>
> The problem I am trying to troubleshoot is that some browsers 
> intermittently have super slow access to the Internet through the 
> proxy. When someone types in a URL, the browser just stalls out and 
> then finally renders the page.
>
> I have a trace file that shows the .64 address initiating to the proxy 
> server .201 address on port 8080.
>
> The .64 address does an HTTP get with their browser to yahoo.com and 
> after that, the trace shows that .201 sends dozens of "TCP segments of 
> a reassembled PDU", all of which are ACKed by .64, but the odd thing 
> is, none of this data is HTTP, all the packets are very large (1460 
> bytes) and all are received within the same second.
>
> Finally, .201 sends an HTTP packet that shows the actual yahoo.com web 
> page also within the same second but yet the client (.64) complains 
> they never see the page.
>
> Does this flow of data look normal to anyone?
>
> If so, can you please give me any suggestions as to why the client is 
> not seeing data?
>
> (This happens with both IE and Firefox so it's not a browser problem).
>
> My thought is that something is wrong with the workstation other than 
> the browser... perhaps spyware?
>
> Thanks
>
> John
>
> ------------------------------------------------------------------------
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

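The reassembly behaviour described in the quoted reply, as an added Python example that is not part of the original thread and is not Wireshark's dissector code. It assumes the response carries a Content-Length header (an HTTP/1.0 response without one is delimited by the connection closing instead); the function names and the response payload are constructed for illustration.

```python
MSS = 1460  # TCP payload of each full segment, as in the trace discussed above
SEGMENT_LABEL = "TCP segment of a reassembled PDU"

def build_response(total_len):
    """Constructed HTTP/1.0 response whose headers plus body are total_len bytes."""
    body_len = total_len
    for _ in range(4):  # header length depends on the digits of Content-Length
        head = ("HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
                f"Content-Length: {body_len}\r\n\r\n").encode()
        if len(head) + body_len == total_len:
            return head + b"x" * body_len
        body_len = total_len - len(head)
    raise ValueError("could not fit headers into requested length")

def segment(stream, mss=MSS):
    """Split a byte stream into TCP payloads of at most mss bytes."""
    return [stream[i:i + mss] for i in range(0, len(stream), mss)]

def label_segments(segments):
    """Return one packet-list label per segment: every segment is only part
    of the PDU until the last one, where the complete HTTP message is known."""
    buf, need, labels = b"", None, []
    for seg in segments:
        buf += seg
        if need is None and b"\r\n\r\n" in buf:
            head = buf.partition(b"\r\n\r\n")[0]
            for line in head.split(b"\r\n")[1:]:
                name, _, value = line.partition(b":")
                if name.strip().lower() == b"content-length":
                    need = len(head) + 4 + int(value)  # headers + CRLFCRLF + body
        if need is not None and len(buf) >= need:
            labels.append(buf.split(b"\r\n", 1)[0].decode())  # status line
            buf, need = buf[need:], None
        else:
            labels.append(SEGMENT_LABEL)
    return labels

def demo():
    """Reproduce the shape of the trace: 105 full segments plus one of 445 bytes."""
    segs = segment(build_response(105 * MSS + 445))
    return segs, label_segments(segs)

if __name__ == "__main__":
    segs, labels = demo()
    print(len(segs), "segments,", sum(map(len, segs)), "bytes")
    print(labels.count(SEGMENT_LABEL), "x", SEGMENT_LABEL)
    print("last packet:", labels[-1], "/ TCP Len:", len(segs[-1]))
```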