From: Larry Roberts (groupstudy@american-hero.com)
Date: Thu Mar 03 2005 - 12:21:20 GMT-3
I will try and dig in again today and see if I an find the time between
them.
I'm using several different programs each with strengths and weakness's
so diagnosis isn't always easy.
Guess I better just learn BPF format a little better.
Larry
wes@stevens.name wrote:
> Larry, look at the time between the original packet and the
> retransmission. Is the app really timing out or is the retransmission
> early? If it is timming out put a sniffer on the other side and see if
> the client is acking the packet or if it is timming out on the client
> side.
>
> What you are seeing could be just bad apps (early retransmission) or
> overloaded clients or servers. I could be that it has nothing to do with
> the network (I see this all the time out in our DMZ).
>
> ----- Original Message -----
> From: "Larry Roberts"
> To: "Groupstudy - Security" , "Groupstudy R&S"
> Subject: real world problem
> Date: Wed, 02 Mar 2005 15:52:26 -0500
>
>
>>Ok folks I need some collective brain power.
>>
>>Recently I started noticing issues surfing to certain websites during
>
> the day.
>
>>After sticking a sniffer on the network I noticed an excessive number
>
> of
>
>>retransmissions happening. I dug a little deeper and noticed that it
>
> didn't
>
>>matter what the protocol was ( www,ssl,3389...etc) I was getting these
>>retransmissions, and it didn't matter how close the systems were. Only
>
> thing
>
>>that mattered was time of day ( Aha!..sorta ) During business hours it
>
> was
>
>>much more pronounced but it was also happening after hours as well.
>>
>>I can go and sit on my DC VLAN, plugged directly into my 6509 and
>
> connect to
>
>>an apache box also on the DC subnet and still get them.
>>
>>I setup spanning and noticed that EVERYONE is seeing them.
>>
>>With traffic internal experiencing it I can rule out the FW or the
>
> Internet
>
>>circuit. I believe the issue is related to the 6509 and its
>
> configuration.
>
>>I'm looking for a little guidance on how to best troubleshoot this
>
> traffic.
>
>>Other than seeing excessive retran's I don't get any data from the
>
> sniffer,
>
>>and the 6509 shows its utilization at 3% over 5 min.
>>
>>The 6509 has 2 SupII/MSFC2's as well as 2 8 port GBIC's that connect to
>
> 3
>
>>3508's on 3 separate floors. Each 3508 has 2 uplinks to the 6509, and 6
>
> 3550's
>
>>connected to the other GBIC's.
>>
>>Traffic utilization is minimal on the Fiber and I show no input/output
>
> errors
>
>>on them.
>>
>>I'm running c6sup22-dsv-mz.121-22.E1 on the 6509.
>>
>>I have IPX bridged across every VLAN ( Not by choice ) as well 5
>
> separate
>
>>VLAN's.
>>
>>
>>Any thoughts on how to best go about troubleshooting this issue?
>>
>>Nothing has changed recently that I am aware of on the network, but
>
> about a
>
>>month ago the problem appeared.
>>
>>
>>
>>-- Thanks,
>>
>>Larry
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Thanks,Larry
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:39 GMT-3