Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Fwd: Web traffic to one IP

From: Jeff Walzer <jeffreywalzer@xxxxxxxxx>
Date: Fri, 8 Jul 2011 18:44:38 -0400
Tim,

I apologize for the lack of clarification on my part. The lost segments are from my host to the destination 208.19.38.8, where as the packets I see with 208.19.38.8 as the source and my host as the destination, the source is hitting a ton of ports in the 2000 range. I'm trying to figure out why when 208.19.38.8 is the source it's hitting my host on various ports in the 2000 range. The port with the most traffic on my host is 2168.

Thx

From
: <Tim.Poth@xxxxxxxxxxx>
Date: Fri, 8 Jul 2011 18:08:50 -0400

It looks to me like the web server isn’t setup correctly/completely. It doesn’t know what to do with requests sent to the root directory “/ “

You might want to direct

---------- Forwarded message ----------
From: Jeff Walzer <jeffreywalzer@xxxxxxxxx>
Date: Fri, Jul 8, 2011 at 5:59 PM
Subject: Web traffic to one IP
To: wireshark-users@xxxxxxxxxxxxx



I'm running some tests for web browsing and the issue I'm trying to figure out is why the main conversation my host is having with a site that appears to be dead.

I am using Cascade Pilot to view the packet capture. I select the IP - 208.19.38.8 - and load the Protocols Distribution Packets filter, and then select the HTTP traffic, and drill down using the TCP Errors Overview filter where I see 100% lost segments. A few days ago the IP wasn't even up, but the past two days the IP is up. When I hit the site I get a message that says:

Invalid URL

The requested URL "/", is invalid.

Any suggestions on what other filters I can use, or what else to look for to determine the purpose of this site?

Thx,
Jeff