
Wireshark-users: Re: [Wireshark-users] Need help with analysis of two related captures

Date: Tue, 3 Jun 2014 20:17:19 +0000
Can you share the captures? If you can ask a specific 'I don't understand this frame' question we might be able to help, but troubleshooting blind is kind of hard. There are a number of good Wireshark 101 books if you have that kind of time, and a LOT of content on YouTube. Sharkfest (sharkfest.wireshark.org) is just over a week away; no better place than there to learn Wireshark.
In GENERAL, out of order packets from AU wouldn't really surprise me. The resets are likely one side giving up; are there a lot of retransmissions or huge time gaps before a reset? Adding a delta column to Wireshark can be a huge help when looking at that. Following the different streams might help you get a clearer view of what's up (clear some noise). Did you capture ICMP frames or JUST the port this app runs on? ICMP can give huge hints when things go off the rails. Have you checked the firewall logs? Depending on the firewall, have you tried excluding the traffic from deep IPS / IDS checks (yea, just guessing at random now).

tim

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Kurt Buff
Sent: Tuesday, June 3, 2014 3:45 PM
To: Community support list for Wireshark
Subject: [Wireshark-users] Need help with analysis of two related captures

All,

I have an engineer developing a tool in our AU office. His work requires that a machine in his office talk with two machines in our US office.

If one of the US machines fails to respond, the second machine is supposed to pick up the conversation.

However, he's getting timeouts from both, randomly. I've got a tcpdump capture that he sent initially, and then a pair that I captured of an event from firewalls at both ends, but as a relative newb at this kind of troubleshooting, all I can see are a fair number of out of order packets and resets, and can't really tell him more than that.

The captures are small (2k, 4k and 6k).

I'd love to find a facility or help of some sort to get to the bottom of the problem, if I can.

Can anyone point me to where I might find some help on analysing these?

Kurt
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
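The triage steps Tim suggests (a delta-time column, following one stream at a time, looking for long gaps before a RST and for segments that arrive behind the highest sequence number already seen) can be scripted once the packet summaries are exported from a capture. The following is an added example, not code from either poster or from the Wireshark project. It works on a constructed, hypothetical list of packet summaries embedded in the script rather than on the real captures, which were never shared; the addresses, ports and timestamps are made up.

```python
"""Triage TCP resets, long gaps and out-of-order segments per stream.

Added example: mimics a delta-time column plus "follow stream" analysis.
Input is a constructed packet list (hypothetical values), not a real pcap;
in practice you would export these fields with tshark or from Wireshark.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float       # capture timestamp in seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: str      # TCP flag letters, e.g. "S", "SA", "PA", "RA"
    seq: int        # sequence number as captured


# Constructed sample: one AU client talking to two US servers. The first
# stream stalls for ~21 s and is then reset by the server; the second is healthy.
SAMPLE = [
    Pkt(0.000, "10.1.1.10", "192.0.2.20", 40000, 8443, "S", 1000),
    Pkt(0.310, "192.0.2.20", "10.1.1.10", 8443, 40000, "SA", 5000),
    Pkt(0.620, "10.1.1.10", "192.0.2.20", 40000, 8443, "A", 1001),
    Pkt(0.625, "10.1.1.10", "192.0.2.20", 40000, 8443, "PA", 1001),
    Pkt(0.640, "10.1.1.10", "192.0.2.20", 40000, 8443, "PA", 2461),
    Pkt(0.645, "10.1.1.10", "192.0.2.20", 40000, 8443, "PA", 1731),  # behind 2461
    Pkt(21.900, "192.0.2.20", "10.1.1.10", 8443, 40000, "RA", 5001),  # RST after gap
    Pkt(1.000, "10.1.1.10", "192.0.2.21", 40001, 8443, "S", 7000),
    Pkt(1.300, "192.0.2.21", "10.1.1.10", 8443, 40001, "SA", 9000),
    Pkt(1.600, "10.1.1.10", "192.0.2.21", 40001, 8443, "A", 7001),
]


def stream_key(p):
    """Direction-independent key for a TCP conversation (the 'follow stream' unit)."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


def split_streams(pkts):
    """Group packets by conversation, each list in timestamp order."""
    streams = defaultdict(list)
    for p in sorted(pkts, key=lambda p: p.ts):
        streams[stream_key(p)].append(p)
    return streams


def analyze_stream(pkts, gap_threshold=5.0):
    """Per-stream findings: largest inter-packet delta, resets that follow a
    gap of at least gap_threshold seconds, and segments whose seq is lower
    than the highest seq already seen from the same sender (out of order or
    retransmission; this summary cannot tell the two apart)."""
    prev_ts = None
    highest_seq = {}
    resets_after_gap = []
    behind = 0
    max_delta = 0.0
    for p in pkts:
        delta = 0.0 if prev_ts is None else p.ts - prev_ts  # the "delta column"
        max_delta = max(max_delta, delta)
        if "R" in p.flags and delta >= gap_threshold:
            resets_after_gap.append((p.ts, p.src, round(delta, 3)))
        sender = (p.src, p.sport)
        if sender in highest_seq and p.seq < highest_seq[sender]:
            behind += 1
        highest_seq[sender] = max(highest_seq.get(sender, 0), p.seq)
        prev_ts = p.ts
    return {
        "packets": len(pkts),
        "max_delta": round(max_delta, 3),
        "resets_after_gap": resets_after_gap,
        "segments_behind_highest_seq": behind,
    }


def triage(pkts, gap_threshold=5.0):
    """Run analyze_stream over every conversation in the packet list."""
    return {k: analyze_stream(v, gap_threshold) for k, v in split_streams(pkts).items()}


if __name__ == "__main__":
    for key, findings in triage(SAMPLE).items():
        print(key, findings)
```

In Wireshark itself the same view comes from adding `frame.time_delta_displayed` as a column while a single conversation is filtered, then checking `tcp.flags.reset == 1`, `tcp.analysis.retransmission` and `tcp.analysis.out_of_order`; the script only makes the "gap before the RST" question answerable across many streams at once.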