Wireshark-users: Re: [Wireshark-users] TCP Dup Ack

John:

 

A certain number of TCP Dup Acks are common, usually no more than one or three per packet in any particular session. In our case we were seeing sixty or over a hundred for individual packets – this is enough to cause significant errors which brought down large-file-size FTP sessions for our customer. We replaced the XENPAK optics on the 10 Gig links in some of our switches, and that seems to have alleviated the issue. I’ve seen bad NIC cards cause this issue, but this is the first time I saw the optics on a fiber link cause this.

 

For community reference, the optics in question were manufactured by Intel. We got new ones manufactured by Opnext, and they seem to be functioning much better. The Intel ones can be distinguished by their significant weight difference (Intel’s are heavier); I’m not certain, but I believe the Intel XENPAKs were somewhat older models.

 

Thanks,

 

Roland Volz

Network Engineer

Data Access/Datapatch, Inc.

40 Eisenhower Drive

Paramus, NJ 07652-1404

(201) 843-5468 x7032

www.Data-Access.com


From: John Traynor [mailto:[email protected]]
Sent: Monday, June 04, 2007 10:52 PM
To: [email protected]; 'Community support list for Wireshark'
Subject: RE: [Wireshark-users] TCP Dup Ack

 

Pardon my intrusion, but I've had a very similar problem within out small office network.  Are you certain that the problem lies on the internet side?  I have spent hours trying to track down the issue and have now concluded that it is an errant driver on one machine that is causing the problem.  Initially I suspected several other things, but persistent testing has pinpointed our problem to a single PC.  File copies of a 100MB file FROM that machine to any other machine takes well over 5 minutes.  In safe mode with only two nodes active that same copy takes about 15 seconds.  I have additional testing ahead to try to identify the specific driver, but I believe the end is in sight and its not what I originally believed it would be.

 

Good luck.

 


From: [email protected] [mailto:[email protected]] On Behalf Of Roland Volz
Sent: Monday, June 04, 2007 1:11 PM
To: [email protected]
Subject: [Wireshark-users] TCP Dup Ack

I have a couple of customers that have been complaining of issues on their circuits, an issue that causes them to have problems with large file transfers. The only noteworthy problems in their data streams seem to be TCP Dup Acks – I’ve seen as many as sixty, or over a hundred, in file transfers of 100 MB test files. However, as near as I can determine, these errors are being introduced in the Internet, outside of our network (the customers use VPNs over internet circuits with major carriers for these file transfers).

 

As I said, we’ve tested our own network thoroughly, but I’m at a loss as to where to go with this issue. Obviously, telling the customer, “It’s not our fault” is unacceptable, as that doesn’t move them any closer to error-free file transfers. On the other hand, I’m not sure where to tell the carriers’ help desk technicians to look for the source of this issue. Has anyone seen this before on Internet circuits, and is there some way I can use Wireshark to help pinpoint the issue more specifically than telling the carrier, “It’s in your cloud”?

 

Thanks,

 

Roland Volz

Network Engineer

Data Access/Datapatch, Inc.

40 Eisenhower Drive

Paramus, NJ 07652-1404

(201) 843-5468 x7032

www.Data-Access.com