
Wireshark-users: Re: [Wireshark-users] Intermittant trouble getting to internet

From: wsgd <wsgd@xxxxxxx>
Date: Fri, 06 Nov 2009 20:57:18 +0100
Hello,

"TCP segments of a reassembled PDU" means:
the current packet is ONLY a part of a PDU (or message or HTTP request or HTTP answer or ...)

In Wireshark, the complete PDU (or message or ...) is displayed on the last packet of the PDU. And the protocol (in this case HTTP) is displayed ONLY on the last packet of the PDU.

So, in your case, all "TCP segments of a reassembled PDU" packets are all part of 1 HTTP answer.

So here you have:
- 105 packets TCP / "TCP segments of a reassembled PDU" / TCP Len: 1460
- 1 last packet HTTP / "HTTP/1.0 200 OK\r\n" / TCP Len: 445
which gives a total length of 153745 bytes
which seems a quite big html page to me (but why not).

I do not see any problem from a network point of view.

Select the "HTTP/1.0 200 OK\r\n" packet,
right click on "Line-based text data: text/html",
click on copy / Bytes (Printable text only).
Ctrl+V into notepad.
Save it as <any_name>.html.
This is the html page to display.
Which seems a valid html page.



Olivier


Sheahan, John wrote:

The problem I am trying to troubleshoot is that some browsers intermittently have super slow access to the Internet through the proxy. When someone types in a URL, the browser just stalls out and then finally renders the page.

I have a trace file that shows the .64 address initiating to the proxy server .201 address on port 8080.

The .64 address does an HTTP get with their browser to yahoo.com and after that, the trace shows that .201 sends dozens of "TCP segments of a reassembled PDU", all of which are ACKed by .64... but the odd thing is, none of this data is HTTP, all the packets are very large (1460 bytes) and all are received within the same second.

Finally, .201 sends an HTTP packet that shows the actual yahoo.com web page also within the same second but yet the client (.64) complains they never see the page.

Does this flow of data look normal to anyone?

If so, can you please give me any suggestions as to why the client is not seeing data?

(This happens with both IE and Firefox so it's not a browser problem).

My thought is that something is wrong with the workstation other than the browser... perhaps spyware?

Thanks

John
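
The labelling described in the reply above, as an added example that is not part of the original thread and is not Wireshark's code: a simplified model that reassembles one HTTP response from TCP segments and labels each segment the way the Info column does. The `Content-Length` header, the filler body and the function names are assumptions made for the illustration; the sizes (105 segments of 1460 bytes plus one of 445) are the ones from the thread.

```python
MSS = 1460  # payload bytes per full segment, as in the trace discussed above

def build_segments(total_len, mss=MSS):
    """Constructed sample: one HTTP response of total_len bytes, cut into
    (relative_seq, payload) TCP segments. Content-Length is an assumption."""
    body_len = total_len
    for _ in range(5):  # header length depends on the digits of body_len
        head = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
                b"Content-Length: %d\r\n\r\n" % body_len)
        if len(head) + body_len == total_len:
            break
        body_len = total_len - len(head)
    else:
        raise ValueError("could not fit headers into total_len")
    data = head + b"x" * body_len  # filler body, constructed
    return [(off, data[off:off + mss]) for off in range(0, total_len, mss)]

def label_segments(segments):
    """Reassemble in sequence order and return one Info-style label per segment."""
    buf, need, labels = bytearray(), None, []
    for seq, payload in sorted(segments):
        if seq != len(buf):
            raise ValueError("gap at seq %d: segment missing from capture" % len(buf))
        buf += payload
        # The PDU length is only known once the full header block has arrived.
        if need is None and b"\r\n\r\n" in buf:
            head_end = buf.index(b"\r\n\r\n") + 4
            for line in bytes(buf[:head_end]).split(b"\r\n"):
                if line.lower().startswith(b"content-length:"):
                    need = head_end + int(line.split(b":", 1)[1])
        if need is not None and len(buf) >= need:
            labels.append("HTTP: complete PDU of %d bytes" % need)
        else:
            labels.append("TCP segment of a reassembled PDU")
    return labels

if __name__ == "__main__":
    segs = build_segments(105 * MSS + 445)
    labels = label_segments(segs)
    print(labels.count("TCP segment of a reassembled PDU"), "segments, then:", labels[-1])
```
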
