[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: debugging low transfer speed
On 25/12/2012, at 1:12 AM, Greg Troxel <gdt%ir.bbn.com@localhost> wrote:
> To debug things like this, I know of only one truly effective way, and
> it's a little involved.
> 1) While doing transfers, capture tcpdumps of them (all TCP packets) at
> each end. Having both lets one separate an endpoint not sending a
> packet from the packet not arriving at the other.
I also take packet captures on all relevant interfaces of all firewalls on the
path. I don't feed those firewall captures into xplot because I'm not an xplot
wizard like Greg, but I use them to track down issues I may see at one end of
the connection, but not the other. Some firewalls will proxy connections
through them, even if it's only a TCP proxy. If the sequence numbers for the
TCP stream of interest in both endpoint packet captures don't match, then one
or more of your firewalls is proxying the connection.
I've seen a commercial firewall whose stateful packet inspection system didn't
handle window scaling, but the Linux kernel it was running on always attempted
to use window scaling when parodying connections. I'm a little bit twitchy
about firewalls misbehaving now.
Main Index |
Thread Index |