tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: debugging low transfer speed

On 25/12/2012, at 1:12 AM, Greg Troxel <> wrote:

> To debug things like this, I know of only one truly effective way, and
> it's a little involved.
> 1) While doing transfers, capture tcpdumps of them (all TCP packets) at
> each end.  Having both lets one separate an endpoint not sending a
> packet from the packet not arriving at the other.

I also take packet captures on all relevant interfaces of all firewalls on the 
path. I don't feed those firewall captures into xplot because I'm not an xplot 
wizard like Greg, but I use them to track down issues I may see at one end of 
the connection, but not the other. Some firewalls will proxy connections 
through them, even if it's only a TCP proxy. If the sequence numbers for the 
TCP stream of interest in both endpoint packet captures don't match, then one 
or more of your firewalls is proxying the connection. 

I've seen a commercial firewall whose stateful packet inspection system didn't 
handle window scaling, but the Linux kernel it was running on always attempted 
to use window scaling when parodying connections. I'm a little bit twitchy 
about firewalls misbehaving now.


Home | Main Index | Thread Index | Old Index