Wireshark-users: Re: [Wireshark-users] Terminal Server traffic

From: "Albert Jurado" <ajurado@xxxxxxxxxxxxxxxx>
Date: Tue, 11 Mar 2008 13:41:35 -0400
I've attached a small capture file.  Maybe someone can take a look at it and make something of it.

If you look for the following IP address (10.10.10.23), you should see the out-of-order packets.

Albert Jurado
Network Manager
First Commercial Insurance Company 
2300 W 84 St.
Hialeah, FL 33016
Phone: (305) 820-4848 ex. 1206
Mobile: (305) 873-4400
Email:  ajurado@xxxxxxxxxxxxxxxx
 
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
Sent: Monday, March 10, 2008 7:38 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Terminal Server traffic

Hi,

Well, a packet coming in has to come out somewhere. If the router passes them 
both to the sniffer you'll see it twice (with a different MAC address, of 
course, and maybe a different VLAN tag, and a TTL-1, but still).

Thanx,
Jaap

Albert Jurado wrote:
> Why would it see double?
> 
> Albert Jurado
>  
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Monday, March 10, 2008 1:31 PM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] Terminal Server traffic
> 
> Hi,
> 
> It may be dependent on how you configured the monitoring port on the core router. 
> If it captures both ingress and egress packets it starts to see double. The 
> details I leave to the network operator buffs ;) .
> 
> Thanx,
> Jaap
> 
> Albert Jurado wrote:
>> As of last week we started to monitor traffic from our internal Terminal 
>> Server to our internal SQL server using Wireshark.
>>
>> Our network is segmented in the following way:
>>
>> VLAN for servers
>>
>> Data VLAN for each floor in the building (six in total).
>>
>> We installed Wireshark on a separate workstation plugged into our core 
>> router with a monitoring port configured.
>>
>> Our first capture revealed over 40% of the traffic as “out-of-order” 
>> packets.  When we performed a capture from the terminal server there was 
>> no such traffic. 
>>
>> I'm wondering if this type of behavior is normal for terminal server 
>> communication.  I hope someone can shed some light on this matter for 
>> me, it would be greatly appreciated.
>>
>> Thanks!
>>
>> *Albert Jurado*
> 

Attachment: outoforder.pcap
Description: outoforder.pcap
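
The following is an added example, not code from this thread or from Wireshark: it pairs up frames that a monitor port captured on both ingress and egress by comparing IPv4 packets with the MAC addresses, VLAN tag, TTL and header checksum ignored, which are the fields the reply above says differ between the two copies. The MAC addresses, VLAN IDs, payloads and the 10.10.20.5 destination are constructed sample values.

```python
import struct

ETH_IPV4, ETH_VLAN = 0x0800, 0x8100

def l3_fingerprint(frame):
    """IPv4 packet bytes with per-hop fields masked, or None if not IPv4."""
    if len(frame) < 34:                          # Ethernet + minimal IPv4 header
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    while ethertype == ETH_VLAN:                 # skip 802.1Q tag(s)
        ethertype = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        offset += 4
    ip = bytearray(frame[offset:])
    if ethertype != ETH_IPV4 or len(ip) < 20:
        return None
    ip = ip[:struct.unpack("!H", ip[2:4])[0]]    # trim Ethernet padding
    ip[8] = 0                                    # TTL changes at the router
    ip[10:12] = b"\x00\x00"                      # so does the header checksum
    return bytes(ip)

def find_routed_duplicates(frames):
    """Return (first_index, duplicate_index) pairs, in capture order."""
    seen, pairs = {}, []
    for i, frame in enumerate(frames):
        fp = l3_fingerprint(frame)
        if fp is None:
            continue
        if fp in seen:
            pairs.append((seen[fp], i))
        else:
            seen[fp] = i
    return pairs

def _checksum(hdr):
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    return ~((s & 0xFFFF) + (s >> 16)) & 0xFFFF

def build_frame(dst_mac, src_mac, vlan, ttl, ip_id, payload):
    """Constructed sample frame: 10.10.10.23 -> 10.10.20.5, opaque payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id, 0x4000,
                      ttl, 6, 0, bytes([10, 10, 10, 23]), bytes([10, 10, 20, 5]))
    hdr = hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + struct.pack("!HHH", ETH_VLAN, vlan, ETH_IPV4) + hdr + payload

HOST, RTR, SQL = b"\x02\0\0\0\0\x01", b"\x02\0\0\0\0\xfe", b"\x02\0\0\0\0\x02"
ingress = [build_frame(RTR, HOST, 10, 128, n, b"seg%d" % n) for n in (1, 2, 3)]
egress = [build_frame(SQL, RTR, 20, 127, n, b"seg%d" % n) for n in (1, 2)]
SAMPLE = [ingress[0], ingress[1], egress[0], egress[1], ingress[2]]  # capture order
```

Because the IP identification field is part of the fingerprint, a genuine TCP retransmission sent with a new IP ID is not reported as a routed duplicate.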