Solved

How to analyze dropped packets info in ethereal?

Posted on 2004-10-13
Last Modified: 2013-12-07
Hello, I use Ethereal 0.10.6, and someone has sent me a .cap file to analyze for dropped packets. I am kinda new to Ethereal and would like to know how to analyze and find dropped packet info including the reasons behind it. Is there an easier way to do it? Thanks in advance.

Question by:yasmagic
4 Comments
 
LVL 5

Expert Comment

by:NashvilleGuitarPicker
ID: 12299525
You might want to explain your situation further.  Perhaps the simplest form of "dropped" packets are where there is simply no response from the server, and your capture would not show a response (ACK) for the request.  In this case, the .CAP file may not be enough to figure out WHY the packet was ignored.  You may have to do some diagnosis on the server to find out why it dropped the packet.  If instead, you are referring to random problems where a connection that was working is suddenly interrupted, such as from a cabling problem, then you might get some hints from the .CAP file, but a hardware probe ($$$) might be better.  Another cause of dropped packets is network flooding.  You can use the graphing tools in Ethereal to see if there is a period of high activity right before the problem occurs.

Describe the problem a bit more, and we might be able to help better.

- Will
0
 

Author Comment

by:yasmagic
ID: 12301015
Hello Will,

Well, the SAP application server loses its connection with the other server, throwing the following error message,

*                                                                                                                              
*  LOCATION    SAP-Gateway on host TEST3SAP / sapgw00                                                                      
*  ERROR       connection to partner broken                                                                                    
*                                                                                                                              
*  TIME        Sat Sep 25 21:52:12 2004                                                                                        
*  RELEASE     620                                                                                                              
*  COMPONENT   NI (network interface)                                                                                          
*  VERSION     36                                                                                                              
*  RC          -6                                                                                                              
*  MODULE      ninti.c                                                                                                          
*  LINE        1074                                                                                                            
*  DETAIL      NiPRead (192.168.0.1/4337)                                                                                    
*  SYSTEM CALL recv                                                                                                            
*  COUNTER     393                                                                                                              
*                      

and so we put a trace on the gateway to see why it is getting disconnected. I am not sure what to look for in the .CAP trace file to fix this issue. Is this info helpful?
0
 
LVL 5

Accepted Solution

by:
NashvilleGuitarPicker earned 2000 total points
ID: 12303180
Hmmm, does it disconnect at a predictable interval?  Some irritating firewalls will disconnect sessions that are open for long periods of time, even if they are active.

If there is a bad cable somewhere, it is unlikely that a software sniffer will be able to tell you much, since there will usually be no packet to sniff.  I would start the trace, and start a stopwatch.  If you know exactly when the session disconnected, you can find the corresponding entry in the .CAP file and look for any packet patterns which seem different than while it was running correctly.  These issues can be hard to diagnose.  Also, scour the event logs on the gateways and the computers involved, looking for errors.

- Will
0
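One way to script the check described in the answer above, as an added example that is not part of the original thread: it reads a capture and lists retransmissions, long silences and TCP resets with their timestamps, so they can be matched against the time the session dropped. It assumes a little-endian classic libpcap file carrying Ethernet/IPv4/TCP; the peer address 192.168.0.2, port 3300 and all packet contents are constructed sample data.

```python
import struct

def frame(src, dst, sport, dport, seq, flags, payload=b""):
    """Build one Ethernet/IPv4/TCP frame (checksums left at 0; sample data only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, flags, 8192, 0, 0)
    return b"\0" * 12 + b"\x08\x00" + ip + tcp + payload

def sample_capture():
    """Constructed capture: data, two retransmissions, a long silence, then RST."""
    a, b = (192, 168, 0, 1), (192, 168, 0, 2)   # .2 and port 3300 are made up
    pkts = [(1000, frame(a, b, 4337, 3300, 1, 0x18, b"x" * 100)),
            (1001, frame(a, b, 4337, 3300, 101, 0x18, b"y" * 100)),
            (1002, frame(a, b, 4337, 3300, 101, 0x18, b"y" * 100)),
            (1004, frame(a, b, 4337, 3300, 101, 0x18, b"y" * 100)),
            (1904, frame(b, a, 3300, 4337, 1, 0x14))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in pkts:
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def analyze(pcap, idle_limit=60.0):
    """Return (timestamp, kind) events worth inspecting around a disconnect."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    off, seen, last, events = 24, set(), {}, []
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack_from("<IIII", pcap, off)
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                  # not IPv4/TCP
        ihl = (pkt[14] & 0x0F) * 4
        sport, dport, seq, _, doff, flags = struct.unpack_from("!HHIIBB", pkt, 14 + ihl)
        plen = struct.unpack_from("!H", pkt, 16)[0] - ihl - (doff >> 4) * 4
        ts = sec + usec / 1e6
        conv = frozenset({(pkt[26:30], sport), (pkt[30:34], dport)})
        if conv in last and ts - last[conv] > idle_limit:
            events.append((ts, "idle %.0fs before this packet" % (ts - last[conv])))
        last[conv] = ts
        if plen > 0:                                  # same data sent twice
            if (pkt[26:30], sport, seq) in seen:
                events.append((ts, "retransmission seq=%d" % seq))
            seen.add((pkt[26:30], sport, seq))
        if flags & 0x04:
            events.append((ts, "RST from %s:%d" % (".".join(map(str, pkt[26:30])), sport)))
    return events

if __name__ == "__main__":
    print("\n".join("%.3f  %s" % e for e in analyze(sample_capture())))
```

Treating a repeated sequence number as a retransmission is a simplification; it shows where to look in the trace, not why the packet was lost.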
 
LVL 5

Expert Comment

by:NashvilleGuitarPicker
ID: 12495996
Thanks for the points.  I assume that the issue is resolved or at least identified.  What turned out to be the problem?

- Will
0
