Hi All
I think I've found something everyone may be interested in...
In wireshark I am monitoring traffic of a SOAP application.
Upon transfer of a BLOB, wire shark is showing many "Tcp ACKed lost segment"
packets.
On top of this there is no evidence of any of the SOAP data, other than the
initial header.
Now I've search for this lost segment business, and no forums really seem to
have much of a solution other than perhaps disabling sequence analysis.
However I think I have found the problem, but I have no understanding of the
whats and whys.
In Microsoft Net Mon, the data packets ARE THERE!!!
i.e
Sent packet: Captured Frame Length = 4434, Media Type = Ethernet...
Continuaion to packet #76.
Received packet: Ack
The received packet is the only packet that shows up in Wireshark! (I have
cross referenced the Packet ID)
Wireshark is NOT COLLECTING LARGE PACKETS!!
I have no idea how packets THAT LARGE got onto the wire IN THE FIRST PLACE!!
What is going on??!! :)
Cheers
Michael
