

The dreaded intermittent "network is slow": help with Wireshark: Lots of TCP Out-of-Order

I am shooting an issue with intermittent network slowness. I checked my switches and the interfaces show no overutilization and no errors. I don't see anything on the switches that stands out as an issue.

When I run Wireshark I see lots of TCP Out-of-Orders (24,000) and 12000 duplicate ACKs in a 10-minute capture. Is this a problem? I attached images. The dup IP was corrected.

Does anything else stand out?
1 Solution
Kamran Arshad Commented:

Please read the discussion below:

It's really hard to make real headway given the little information supplied.
Screen-hunter-1: So you seem to have both duplicate ACKs and small(er) TCP windows. This usually (not always) points to the buffer at the receiver end filling up as the sender is sending faster than the receiver is receiving.
Screen-hunter-3: That's just bad. Something is either sending corrupt packets, or a device on the network is corrupting them en route, or the receiving station (i.e., the one running Wireshark) is corrupting them. All this will have to be re-transmitted.
Screen-hunter-4: Out of order may not necessarily be a problem. Some network cards re-order the packets and Wireshark is not aware that the NIC has done this. Duplicate IP address is REALLY bad - I assume you've corrected that. And finally the 7 frames lost are probably because the receiver buffer is too small on the Wireshark machine.

Hope this helps.
ttl1 Author Commented:
Thanks for helping me understand this.
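
The counters discussed in the answer above (out-of-order segments, duplicate ACKs, retransmissions, shrinking receive window), derived per direction from a segment list. This is an added example, not part of the original thread and not Wireshark's own logic: the `analyze` function and the sample segments are constructed for illustration, and the classification uses sequence numbers only, ignoring timing and TCP flags.

```python
from collections import defaultdict

# Constructed sample: (src, dst, seq, payload_len, ack, window) per segment.
SEGMENTS = [
    ("A", "B", 1000, 100, 1, 8192),
    ("B", "A", 1, 0, 1100, 4096),
    ("A", "B", 1200, 100, 1, 8192),   # bytes 1100-1199 not seen yet: gap
    ("B", "A", 1, 0, 1100, 4096),     # receiver repeats ACK 1100: dup ACK
    ("A", "B", 1300, 100, 1, 8192),
    ("B", "A", 1, 0, 1100, 4096),     # second dup ACK for the same gap
    ("A", "B", 1100, 100, 1, 8192),   # gap filled late: out-of-order
    ("B", "A", 1, 0, 1400, 1024),     # ACK advances, advertised window shrinks
    ("A", "B", 1300, 100, 1, 8192),   # bytes already seen: retransmission
]

def analyze(segments):
    """Count per-direction anomalies using sequence/ACK numbers only."""
    stats = defaultdict(lambda: {"out_of_order": 0, "retransmission": 0,
                                 "dup_ack": 0, "min_window": None})
    next_seq = {}             # flow -> highest seq+len seen so far
    seen = defaultdict(set)   # flow -> (seq, len) pairs already observed
    last_ack = {}             # flow -> (ack, window) of the previous pure ACK
    for src, dst, seq, length, ack, window in segments:
        flow = (src, dst)
        s = stats[flow]
        s["min_window"] = window if s["min_window"] is None else min(s["min_window"], window)
        if length > 0:
            if (seq, length) in seen[flow]:
                s["retransmission"] += 1      # same bytes sent again
            elif seq < next_seq.get(flow, seq):
                s["out_of_order"] += 1        # new bytes below the high-water mark
            seen[flow].add((seq, length))
            next_seq[flow] = max(next_seq.get(flow, 0), seq + length)
            last_ack.pop(flow, None)          # a data segment ends a dup-ACK run
        else:
            if last_ack.get(flow) == (ack, window):
                s["dup_ack"] += 1             # same ACK and window repeated
            last_ack[flow] = (ack, window)
    return {flow: dict(v) for flow, v in stats.items()}

if __name__ == "__main__":
    for flow, counters in analyze(SEGMENTS).items():
        print(flow, counters)
```

Reading the two directions together matters: the duplicate ACKs and the small window show up on the receiver's direction, while the out-of-order and retransmitted data show up on the sender's.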
