Ethereal-users: [Ethereal-users] Re: Server-Client Discrepancy

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: fonte fonte <fonte_monte@xxxxxxxxx>
Date: Wed, 25 Jan 2006 08:11:36 -0800 (PST)
Why do I get so many Out-of-Order and Retransmitted packets on the client side (hundreds of them)? This doesn't match the server side at all, which has very few, if any, of those packets. This is definitely not due to the GPRS dial-up I'm using. Any input is really appreciated.

fonte fonte <fonte_monte@xxxxxxxxx> wrote:
Hi all.

I wish to have some input on my capture findings. Before that, I will describe the scenario.

Initially, I had an FTP server installed at my college; it was given a specific IP and went through the college gateway to the outside world. On the client side, I was using GPRS dial-up to access my server, and I used Ethereal to capture on both sides while downloading the file.

After a while, the college decided they couldn't allow me to put my server there anymore due to some firewall issue etc. As a result, I relocated my server to my home and put it behind a Linksys wireless router and connected it through my broadband internet.

However, when I compared the captures I got from both situations, they differed somewhat. Basically, when my server was at my college, the server and client captures more or less matched each other; by this I refer to the Info column of the Ethereal display window. An example is the first SYN sent.

From server capture:
source = client, destination = server:
3050 > ftp [SYN] Seq=0 Ack=0 Win=32768 Len=0 MSS=1380 TSV=0 TSER=0
In Packet Details pane, Options = 20 bytes

From client capture:
source = client, destination = server
3050 > ftp [SYN] Seq=0 Ack=0 Win=32768 Len=0 MSS=1460 TSV=0 TSER=0
In Packet Details pane, Options = 20 bytes

Here, the only difference I notice is the MSS value. Why was the MSS value different?

I ran the two captures through tcptrace and I noticed a small number of packet retransmissions. From the server capture, 5 packets were retransmitted in the server-to-client direction when downloading the file. From the client capture, 2 packets were retransmitted in the server-to-client direction.

Now, when my server was relocated to my home, somehow the server and client captures differed greatly, and I know this is most probably due to the changed network architecture. Nevertheless, I wish for a detailed explanation of it. The example is again the first SYN sent.

From server capture:
source = client, destination = server:
23395 > ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1380
In Packet Details pane, Options = 4 bytes

From client capture:
source = client, destination = server
3031 > ftp [SYN] Seq=0 Ack=0 Win=64240 Len=0 MSS=1460 TSV=0 TSER=0
In Packet Details pane, Options = 20 bytes

Here, the port number, Win, MSS and Options values were different. Can anyone please help explain why? I hadn't changed any settings on either the server or the client system.

On tcptrace, a more bizarre finding. From the server capture, 3 packets were retransmitted in the server-to-client direction when downloading the file. From the client capture, 251 packets were retransmitted in the server-to-client direction. I am totally lost! In Ethereal, these are a mix of retransmitted and out-of-order packets. Please, anyone, any input is really appreciated.

One more thing: when I opened the client capture which contains so many retransmitted packets, I get an error 'The capture file appears to have been cut short in the middle of a packet'. I'm using version 0.10.13.

I hope my case is really clear. I have not attached any capture (one is about 1000+ KB); however, if it is needed I will email it.

Any input, suggestion, comment, feedback is greatly appreciated.

Thanks all.
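
A way to compare the TCP options of a SYN as seen at two capture points, like the client-side and server-side Info lines quoted above; this is an added example, not part of the original post. The option bytes are constructed: the message gives only the MSS, TSV/TSER values and the option lengths (20 and 4 bytes), so the exact layout of the 20-byte options area and the function names are assumptions.

```python
import struct

# Option kinds from the TCP RFCs (MSS, window scale, SACK permitted, timestamps).
NAMES = {2: "MSS", 3: "WScale", 4: "SACK-Permitted", 8: "Timestamps"}

def parse_tcp_options(raw: bytes) -> dict:
    """Parse a TCP options area into {name: value}; NOP padding is skipped."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP, a single padding byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        body = raw[i + 2:i + length]
        if kind == 2 and len(body) == 2:
            value = struct.unpack("!H", body)[0]
        elif kind == 3 and len(body) == 1:
            value = body[0]
        elif kind == 8 and len(body) == 8:
            value = struct.unpack("!II", body)   # (TSval, TSecr)
        else:
            value = body                   # raw bytes for anything else
        opts[NAMES.get(kind, f"kind-{kind}")] = value
        i += length
    return opts

def diff_syn_options(client: bytes, server: bytes) -> dict:
    """Return {option: (client_value, server_value)} for options that differ.
    None means the option is absent on that side."""
    a, b = parse_tcp_options(client), parse_tcp_options(server)
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

# Constructed sample: 20 bytes on the client side (MSS=1460, TSV=0, TSER=0,
# SACK permitted assumed), 4 bytes on the server side (MSS=1380 only).
CLIENT_SYN = bytes.fromhex("020405b4" "0101" "080a0000000000000000" "0101" "0402")
SERVER_SYN = bytes.fromhex("02040564")

if __name__ == "__main__":
    for name, (c, s) in diff_syn_options(CLIENT_SYN, SERVER_SYN).items():
        print(f"{name}: client={c!r} server={s!r}")
```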

