Wireshark在分析网络流量时遇到TCP Previous Segment Lost、TCP Dup ACK和RST的情况,导致交易速度慢。在某些情况下,TCP Previous Segment Lost似乎过于敏感,可能导致不必要的RST,影响性能。寻求关于此问题的解释以进行故障排除。
with a typical 200 OK response packet, but the response packet for the other image will be displayed as “TCP Previous segment lost.” However, both images are downloaded and displayed perfectly fine in the browser. I would think that the segment lost error would mean the object wasn’t returned correctly and shouldn’t be able to be displayed, but apparently that is not the case. (The cache had been cleared when this was performed, so it was not defaulting to a local copy of the image.)
Another problem we’ve been noticing is that some packets simply aren’t displayed in the Packet Listing window, even when they are obviously received. Using the same example as above, after the two GET requests are sent for the images, it is not uncommon for one image to be returned with a typical 200 OK response, but the other response will not appear. Yet both images are successfully displayed in the browser. Is this a problem with Ethereal not detecting the packets?
I’m not sure how typical this is, but we seem to be experiencing these issues often with 0.10.14 while we never did with 0.10.2. Could it also be an issue with WinPCap, and not necessarily Ethereal? I’m just trying to find some answers as to why we are seeing a sudden abundance of TCP related errors and uncaptured packets. Thanks.
(2)、I have a network client application that runs fine while I am debugging (no TCP errors),
but when I run the release version, it runs incredibly slow. It runs as a series of
transactions, where each transaction is a separate connection to the server. Wireshark
analysis has determined that about 50% of all transactions involve the series:
TCP Previous Segment Lost
TCP Dup ACK
RST
The RST consumes 3 seconds per transaction, which is a Big Deal. So to prevent it, I must
prevent the initial “TCP Previous Segment Lost” (which seems, on the surface, to merely be
a time-out on a particular segment).
In the following clip, the SYN packet suffers from the “TCP Previous Segment Lost” condition.
0.000640 seconds seems like too short of a time to declare this condition, as many previous
successful transactions took much longer to be successfully SYN-ACK’ed.
Can somebody explain “TCP Previous Segment Lost” in this context to help me troubleshoot my
problem?
Any help would be appreciated.
Here is a clip of a problem transaction:
4. Tcpacked lost segment(tcp应答丢失)
5. Tcp window update(tcp窗口更新)
6. Tcp dup ack(tcp重复应答)
TCP may generate an immediate acknowledgment (a duplicate ACK) when an out- of-order segment is received. This duplicate ACK should not be delayed. The purpose of this duplicate ACK is to let the other end know that a segment was received out of order, and to tell it what sequence number is expected.
当收到一个出问题的分片,Tcp立即产生一个应答。这个相同的ack不会延迟。这个相同应
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
