Problème MTU / MSS ?

Bonjour

J’ai un site qui permet de synchroniser ses données avec son téléphone, et certains utilisateurs n’y arrivent pas car une trame HTTP n’est pas totalement reçu par le serveur (pour info serveur Apache avec req_timeout body=20s.)

Ce problème survient avec les téléphones qui se connectent via leur opérateur (en Wifi ça marche)

J’ai longtemps pensé que ça venait du MTU et du MSS de la carte réseau (qui est à 1500), j’ai alors ajouté la règle iptables:

Mais ça ne corrige pas problème …

Voici une trace ethereal pour voir le problème:

Time Source Destination Protocol Length Info 23.196846 188.89.67.221 88.190.31.67 TCP 60 54828 > http [SYN] Seq=0 Win=49640 Len=0 MSS=1460 23.196967 88.190.31.67 188.89.67.221 TCP 58 http > 54828 [SYN, ACK] Seq=0 Ack=1 Win=5808 Len=0 MSS=1452 23.216133 188.89.67.221 88.190.31.67 TCP 60 54828 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0 23.216824 188.89.67.221 88.190.31.67 TCP 401 [TCP segment of a reassembled PDU] 23.216952 88.190.31.67 188.89.67.221 TCP 54 http > 54828 [ACK] Seq=1 Ack=348 Win=6432 Len=0 23.216967 188.89.67.221 88.190.31.67 TCP 1202 [TCP segment of a reassembled PDU] 23.217067 88.190.31.67 188.89.67.221 TCP 54 http > 54828 [ACK] Seq=1 Ack=1496 Win=8036 Len=0 45.559194 88.190.31.67 188.89.67.221 HTTP 373 HTTP/1.1 100 continue 45.559321 88.190.31.67 188.89.67.221 TCP 54 http > 54828 [FIN, ACK] Seq=320 Ack=1496 Win=8036 Len=0 45.578906 188.89.67.221 88.190.31.67 TCP 60 [TCP Previous segment lost] 54828 > http [ACK] Seq=8796 Ack=320 Win=49640 Len=0 45.579292 188.89.67.221 88.190.31.67 TCP 60 54828 > http [ACK] Seq=8796 Ack=321 Win=49640 Len=0

Et le résutat HTTP: (Content-Length=61459 et body reçu=environ 1000 octets)

[code]POST /syncml?sid=hg29brcm6jtbpvuffpns0sk9l5 HTTP/1.1
Content-Language: nl
Content-Type: application/vnd.syncml+xml
Content-Length: 61459
User-Agent: Funambol BlackBerry Plug-in 10.0.7
Device-Agent: RIM Wireless Handheld MIDP-2.0 CLDC-1.1
Accept-Encoding: gzip
Host: sync.memotoo.com
Cache-Control: max-age=43200
Connection: keep-alive

1.2 SyncML/1.2 1332755332471 2 http://sync.memotoo.com/syncml?sid=hg29brcm6jtbpvuffpns0sk9l5 fbb-630432428 1 1 0 SyncHdr fbb-630432428 http://sync.memotoo.com/syncml?sid=hg29brcm6jtbpvuffpns0sk9l5 200 2 1 3 Alert card Contacts 200 1332755335000 3 card Contacts 4 1193640228 text/x-vcard BEGIN:VCARD VERSION:2.1 N:Bats;Jan-Jaap;;; TEL;VOICE;HOME:+31 53 428 09 50 TEL;VOICE;HOME:

HTTP/1.1 100 continue
Date: Mon, 26 Mar 2012 09:49:19 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze8
Set-Cookie: PHPSESSID=hg29brcm6jtbpvuffpns0sk9l5; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Type: text/html[/code]
Au bout de 20 seconde, le serveur renvoit le code “100 continue” pour dire va s’y continue mais ça ne marche pas.

Si vous avez des idées ce serait super car je sèches un peu.

Merci !
Thomas

As-tu testé avec un plus petit MTU et/ou un plus grand req_timeout_body ?

A propos du MTU, je dis cela car j’ai administré un certain nombre de serveur et service sur une plateforme de test dans le cadre de validation LTE (4G) chez un constructeur en télécommunication.
Je me suis rendu compte qu’il fallait baisser le MTU pour que tous les flux passent.

Avec la commande suivante on testait le MTU max du payload :
ping -l 1300 -f google.fr
Si le paquet devait être fragmenté alors il fallait baisser le MTU.

Ouais, --clamp-mss-to-pmtu ne sert à rien si le MTU des routes liées à l’interface est à 1500.
Accessoirement, cela ne sert que sur un routeur intermédiaire, pas sur la machine source puisqu’il suffit de baisser le MTU de l’interface pour faire baisser d’autant le MSS annoncé.

Merci pour vos remarques

@nillo: alors j’ai testé ta commande et j’ai des packets perdu. (mon MTU est à 1492: avant il était à 1500 mais je l’ai changé il y a 3 mois). Quelle valeur dis-tu par “plus petit MTU” -> 1300 ? ou plus petit ?
Ce message “WARNING: probably, rcvbuf is not enough to hold preload.” est un problème à corriger ?

ping -l 1300 -f google.fr WARNING: probably, rcvbuf is not enough to hold preload. PING google.fr (173.194.67.94) 56(84) bytes of data. ............................................................................. --- google.fr ping statistics --- 7483 packets transmitted, 7406 received, 1% packet loss, time 4434ms rtt min/avg/max/mdev = 10.967/11.095/14.148/0.165 ms, pipe 36, ipg/ewma 0.592/11.108 ms

@PascalHambourg: Je penses que le clamp-mss-to-pmtu marche à peu près car il est en POSTROUTING. Mais je suis d’accord avec toi ça marcherait mieux sur un routeur.

Ce qui est quand même étonnant c’est que j’ai un “TCP Previous segment lost” dans la trace ethereal. Est-ce une piste à suivre ?

Oui plus petit MTU.
Par défaut c’est 1500, je devais le passer à 1400 voir 1300 dans certains cas.
Tout cela à cause de l’encapsulation de la norme 3GPP entre le mobile (téléphone, clé usb, …) et le coeur de réseau.

Après ce n’est qu’une hypothèse …

Au passage c’est Niloo

Cela ne suffit pas le rendre efficace. Il est important de bien comprendre comment fonctionne l’option --clamp-mss-to-pmtu de la cible TCPMSS pour l’utiliser correctement.

Elle compare le MSS contenu dans les paquets TCP SYN avec le MSS calculé à partir du MTU de la route utilisée pour router l’adresse de destination du paquet (égal au MTU de l’interface de sortie, sauf cas particuliers), et remplace le MSS dans le paquet par le MSS de la route si ce dernier est inférieur. Or la machine émettrice utilise la même formule de calcul pour définir le MSS initial, donc la valeur calculée par l’option --clamp-mss-to-pmtu sur la machine émettrice sera identique et cela n’aura aucun effet.

L’option --clamp-mss-to-pmtu a un effet lorsqu’elle fonctionne sur un routeur intermédiaire distinct, dont l’interface de sortie à un MTU inférieur au MTU de l’interface de sortie de la machine source, ce que cette dernière ne sait pas forcément à priori. Pour réduire le MSS sur la machine émettrice, il faut soit réduire le MTU de l’interface, soit créer une route pour la destination correspondante avec un MTU ou un MSS réduit, soit utiliser TCPMSS avec l’option "–set-mss " pour fixer la valeur de MSS manuellement (de préférence combinée à la correspondance “-m tcpmss --mss :” pour ne pas augmenter le MSS s’il est déjà inférieur à la valeur maximum désirée).

Concernant la perte de paquets de 1% avec le ping flood, ce n’est pas un résultat anormal. Mais je ne suis pas certain qu’il soit pertinent. L’option -l spécifie le nombre de paquets envoyés sans attendre de réponse, alors que je pense que Niloo voulait plutôt spécifier la taille des paquets qui se règle avec l’option -s. De toute façon cibler Google n’a pas vraiment d’intérêt dans ce contexte ; il faudrait plutôt cibler l’adresse IP de la connexion mobile qui pose problème, ou faire le ping dans l’autre sens, de la connexion mobile vers le serveur.

@Niloo: Excuse c’était une erreur de frappe

@PascalHambourg: Merci pour ces précisions très détaillée

Donc j’ai passé mes serveurs en MTU 1300 (en ligne de commande avec ifconfig), mais problème y est toujours.
J’ai aussi remis les valeurs par défaut d’une débian pour /proc/sys/net/ipv4/tcp_*

Les utilisateurs qui ont eu un problème ce matin, avaient un MSS de 1460, 1360, 1452, 1300, … En SSL et pas SSL. Par contre je ne vois pas d’érreur en ipv6 (je ne sais pas si ça joue ou que peu d’utilisateur sont en ipv6)

D’autres idées ???

Tu peux encore baisser le MTU de l’interface à 1280. En dessous, tu perds l’IPv6 qui exige un MTU de 1280 au moins. Pour le baisser en-dessous en IPv4, il faut soit modifier la route par défaut IPv4, soit jouer avec TCPMSS --set-mtu.

Mais la trace d’ethereal n’est pas très explicite concernant les [TCP segment of a reassembled PDU], il faudrait plus de détails sur ces paquets (fragments ?). En tout cas la taille maxi de paquet qu’on voit passer est 1202. La fin de la trace montre que le client indique avoir envoyé 8796 octets mais le serveur n’en a acquitté (donc reçu) que 1496.

Je n’ai pas trop envie de encore baisser la MTU car les utilisateurs qui ont des problèmes ont des MSS plus haut que le MTU.

Voilà le detail de la trame si tu vois quelquechose ??

[code]No. Time Source Destination Protocol Length Info New Column
5 23.196846 188.89.67.221 88.190.31.67 TCP 60 54828 > http [SYN] Seq=0 Win=49640 Len=0 MSS=1460 5

Frame 5: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Mar 26, 2012 11:49:19.426786000 CEST
Epoch Time: 1332755359.426786000 seconds
[Time delta from previous captured frame: 23.196618000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 23.196846000 seconds]
Frame Number: 5
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 0000
Internet Protocol Version 4, Src: 188.89.67.221 (188.89.67.221), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 44
Identification: 0xae0d (44557)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: TCP (6)
Header checksum: 0x2387 [correct]
[Good: True]
[Bad: False]
Source: 188.89.67.221 (188.89.67.221)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 54828 (54828), Dst Port: http (80), Seq: 0, Len: 0
Source port: 54828 (54828)
Destination port: http (80)
[Stream index: 1]
Sequence number: 0 (relative sequence number)
Header length: 24 bytes
Flags: 0x02 (SYN)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …0 … = Acknowledgement: Not set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
[Message: Connection establish request (SYN): server port http]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size value: 49640
[Calculated window size: 49640]
Checksum: 0x9910 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (4 bytes)
Maximum segment size: 1460 bytes

No. Time Source Destination Protocol Length Info New Column
6 23.196967 88.190.31.67 188.89.67.221 TCP 58 http > 54828 [SYN, ACK] Seq=0 Ack=1 Win=5808 Len=0 MSS=1452 6

Frame 6: 58 bytes on wire (464 bits), 58 bytes captured (464 bits)
Arrival Time: Mar 26, 2012 11:49:19.426907000 CEST
Epoch Time: 1332755359.426907000 seconds
[Time delta from previous captured frame: 0.000121000 seconds]
[Time delta from previous displayed frame: 0.000121000 seconds]
[Time since reference or first frame: 23.196967000 seconds]
Frame Number: 6
Frame Length: 58 bytes (464 bits)
Capture Length: 58 bytes (464 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 188.89.67.221 (188.89.67.221)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 44
Identification: 0x0000 (0)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0xc294 [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 188.89.67.221 (188.89.67.221)
Transmission Control Protocol, Src Port: http (80), Dst Port: 54828 (54828), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 54828 (54828)
[Stream index: 1]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x12 (SYN, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
[Message: Connection establish acknowledge (SYN+ACK): server port http]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size value: 5808
[Calculated window size: 5808]
Checksum: 0x121e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (4 bytes)
Maximum segment size: 1452 bytes
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 5]
[The RTT to ACK the segment was: 0.000121000 seconds]

No. Time Source Destination Protocol Length Info New Column
7 23.216133 188.89.67.221 88.190.31.67 TCP 60 54828 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0 7

Frame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Mar 26, 2012 11:49:19.446073000 CEST
Epoch Time: 1332755359.446073000 seconds
[Time delta from previous captured frame: 0.019166000 seconds]
[Time delta from previous displayed frame: 0.019166000 seconds]
[Time since reference or first frame: 23.216133000 seconds]
Frame Number: 7
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 0000
Internet Protocol Version 4, Src: 188.89.67.221 (188.89.67.221), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 44
Identification: 0x0000 (0)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 40
Protocol: TCP (6)
Header checksum: 0xda94 [correct]
[Good: True]
[Bad: False]
Source: 188.89.67.221 (188.89.67.221)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 54828 (54828), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 54828 (54828)
Destination port: http (80)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x2e7d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (4 bytes)
No-Operation (NOP)
No-Operation (NOP)
No-Operation (NOP)
No-Operation (NOP)
[Expert Info (Warn/Protocol): 4 NOP in a row - a router may have removed some options]
[Message: 4 NOP in a row - a router may have removed some options]
[Severity level: Warn]
[Group: Protocol]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 6]
[The RTT to ACK the segment was: 0.019166000 seconds]

No. Time Source Destination Protocol Length Info New Column
8 23.216824 188.89.67.221 88.190.31.67 TCP 401 [TCP segment of a reassembled PDU] 8

Frame 8: 401 bytes on wire (3208 bits), 401 bytes captured (3208 bits)
Arrival Time: Mar 26, 2012 11:49:19.446764000 CEST
Epoch Time: 1332755359.446764000 seconds
[Time delta from previous captured frame: 0.000691000 seconds]
[Time delta from previous displayed frame: 0.000691000 seconds]
[Time since reference or first frame: 23.216824000 seconds]
Frame Number: 8
Frame Length: 401 bytes (3208 bits)
Capture Length: 401 bytes (3208 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 188.89.67.221 (188.89.67.221), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 387
Identification: 0xae0e (44558)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: TCP (6)
Header checksum: 0x222f [correct]
[Good: True]
[Bad: False]
Source: 188.89.67.221 (188.89.67.221)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 54828 (54828), Dst Port: http (80), Seq: 1, Ack: 1, Len: 347
Source port: 54828 (54828)
Destination port: http (80)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
[Next sequence number: 348 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 49640
[Calculated window size: 49640]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xba5e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 347]
TCP segment data (347 bytes)

No. Time Source Destination Protocol Length Info New Column
9 23.216952 88.190.31.67 188.89.67.221 TCP 54 http > 54828 [ACK] Seq=1 Ack=348 Win=6432 Len=0 9

Frame 9: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Arrival Time: Mar 26, 2012 11:49:19.446892000 CEST
Epoch Time: 1332755359.446892000 seconds
[Time delta from previous captured frame: 0.000128000 seconds]
[Time delta from previous displayed frame: 0.000128000 seconds]
[Time since reference or first frame: 23.216952000 seconds]
Frame Number: 9
Frame Length: 54 bytes (432 bits)
Capture Length: 54 bytes (432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 188.89.67.221 (188.89.67.221)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x52de (21214)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x6fba [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 188.89.67.221 (188.89.67.221)
Transmission Control Protocol, Src Port: http (80), Dst Port: 54828 (54828), Seq: 1, Ack: 348, Len: 0
Source port: http (80)
Destination port: 54828 (54828)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 348 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 6432
[Calculated window size: 6432]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x2608 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 8]
[The RTT to ACK the segment was: 0.000128000 seconds]

No. Time Source Destination Protocol Length Info New Column
10 23.216967 188.89.67.221 88.190.31.67 TCP 1202 [TCP segment of a reassembled PDU] 10

Frame 10: 1202 bytes on wire (9616 bits), 1202 bytes captured (9616 bits)
Arrival Time: Mar 26, 2012 11:49:19.446907000 CEST
Epoch Time: 1332755359.446907000 seconds
[Time delta from previous captured frame: 0.000015000 seconds]
[Time delta from previous displayed frame: 0.000015000 seconds]
[Time since reference or first frame: 23.216967000 seconds]
Frame Number: 10
Frame Length: 1202 bytes (9616 bits)
Capture Length: 1202 bytes (9616 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 188.89.67.221 (188.89.67.221), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 1188
Identification: 0xae0f (44559)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: TCP (6)
Header checksum: 0x1f0d [correct]
[Good: True]
[Bad: False]
Source: 188.89.67.221 (188.89.67.221)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 54828 (54828), Dst Port: http (80), Seq: 348, Ack: 1, Len: 1148
Source port: 54828 (54828)
Destination port: http (80)
[Stream index: 1]
Sequence number: 348 (relative sequence number)
[Next sequence number: 1496 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 49640
[Calculated window size: 49640]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xf650 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 1148]
TCP segment data (1148 bytes)

No. Time Source Destination Protocol Length Info New Column
11 23.217067 88.190.31.67 188.89.67.221 TCP 54 http > 54828 [ACK] Seq=1 Ack=1496 Win=8036 Len=0 11

Frame 11: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Arrival Time: Mar 26, 2012 11:49:19.447007000 CEST
Epoch Time: 1332755359.447007000 seconds
[Time delta from previous captured frame: 0.000100000 seconds]
[Time delta from previous displayed frame: 0.000100000 seconds]
[Time since reference or first frame: 23.217067000 seconds]
Frame Number: 11
Frame Length: 54 bytes (432 bits)
Capture Length: 54 bytes (432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 188.89.67.221 (188.89.67.221)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x52df (21215)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x6fb9 [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 188.89.67.221 (188.89.67.221)
Transmission Control Protocol, Src Port: http (80), Dst Port: 54828 (54828), Seq: 1, Ack: 1496, Len: 0
Source port: http (80)
Destination port: 54828 (54828)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1496 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 8036
[Calculated window size: 8036]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x1b48 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 10]
[The RTT to ACK the segment was: 0.000100000 seconds]

No. Time Source Destination Protocol Length Info New Column
12 45.559194 88.190.31.67 188.89.67.221 HTTP 373 HTTP/1.1 100 continue 12

Frame 12: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits)
Arrival Time: Mar 26, 2012 11:49:41.789134000 CEST
Epoch Time: 1332755381.789134000 seconds
[Time delta from previous captured frame: 22.342127000 seconds]
[Time delta from previous displayed frame: 22.342127000 seconds]
[Time since reference or first frame: 45.559194000 seconds]
Frame Number: 12
Frame Length: 373 bytes (2984 bits)
Capture Length: 373 bytes (2984 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:data]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 188.89.67.221 (188.89.67.221)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 359
Identification: 0x52e0 (21216)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x6e79 [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 188.89.67.221 (188.89.67.221)
Transmission Control Protocol, Src Port: http (80), Dst Port: 54828 (54828), Seq: 1, Ack: 1496, Len: 319
Source port: http (80)
Destination port: 54828 (54828)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
[Next sequence number: 320 (relative sequence number)]
Acknowledgement number: 1496 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 8036
[Calculated window size: 8036]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x7991 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 319]
Hypertext Transfer Protocol
HTTP/1.1 100 continue\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 100 continue\r\n]
[Message: HTTP/1.1 100 continue\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 100
Response Phrase: continue
Date: Mon, 26 Mar 2012 09:49:19 GMT\r\n
Server: Apache/2.2.16 (Debian)\r\n
X-Powered-By: PHP/5.3.3-7+squeeze8\r\n
Set-Cookie: PHPSESSID=hg29brcm6jtbpvuffpns0sk9l5; path=/\r\n
Vary: Accept-Encoding\r\n
Content-Encoding: gzip\r\n
Content-Length: 20\r\n
[Content length: 20]
Connection: close\r\n
Content-Type: text/html\r\n
\r\n
Content-encoded entity body (gzip): 20 bytes [Error: Decompression failed]
Data (20 bytes)

0000 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 …
0010 00 00 00 00 …
Data: 1f8b080000000000000303000000000000000000
[Length: 20]

No. Time Source Destination Protocol Length Info New Column
13 45.559321 88.190.31.67 188.89.67.221 TCP 54 http > 54828 [FIN, ACK] Seq=320 Ack=1496 Win=8036 Len=0 13

Frame 13: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Arrival Time: Mar 26, 2012 11:49:41.789261000 CEST
Epoch Time: 1332755381.789261000 seconds
[Time delta from previous captured frame: 0.000127000 seconds]
[Time delta from previous displayed frame: 0.000127000 seconds]
[Time since reference or first frame: 45.559321000 seconds]
Frame Number: 13
Frame Length: 54 bytes (432 bits)
Capture Length: 54 bytes (432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 188.89.67.221 (188.89.67.221)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x52e1 (21217)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x6fb7 [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 188.89.67.221 (188.89.67.221)
Transmission Control Protocol, Src Port: http (80), Dst Port: 54828 (54828), Seq: 320, Ack: 1496, Len: 0
Source port: http (80)
Destination port: 54828 (54828)
[Stream index: 1]
Sequence number: 320 (relative sequence number)
Acknowledgement number: 1496 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Message: Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
Window size value: 8036
[Calculated window size: 8036]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x1a08 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info New Column
14 45.578906 188.89.67.221 88.190.31.67 TCP 60 [TCP Previous segment lost] 54828 > http [ACK] Seq=8796 Ack=320 Win=49640 Len=0 14

Frame 14: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Mar 26, 2012 11:49:41.808846000 CEST
Epoch Time: 1332755381.808846000 seconds
[Time delta from previous captured frame: 0.019585000 seconds]
[Time delta from previous displayed frame: 0.019585000 seconds]
[Time since reference or first frame: 45.578906000 seconds]
Frame Number: 14
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol Version 4, Src: 188.89.67.221 (188.89.67.221), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0xae17 (44567)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: TCP (6)
Header checksum: 0x2381 [correct]
[Good: True]
[Bad: False]
Source: 188.89.67.221 (188.89.67.221)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 54828 (54828), Dst Port: http (80), Seq: 8796, Ack: 320, Len: 0
Source port: 54828 (54828)
Destination port: http (80)
[Stream index: 1]
Sequence number: 8796 (relative sequence number)
Acknowledgement number: 320 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 49640
[Calculated window size: 49640]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x5b00 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 12]
[The RTT to ACK the segment was: 0.019712000 seconds]
[TCP Analysis Flags]
[A segment before this frame was lost]
[Expert Info (Warn/Sequence): Previous segment lost (common at capture start)]
[Message: Previous segment lost (common at capture start)]
[Severity level: Warn]
[Group: Sequence]

No. Time Source Destination Protocol Length Info New Column
15 45.579292 188.89.67.221 88.190.31.67 TCP 60 54828 > http [ACK] Seq=8796 Ack=321 Win=49640 Len=0 15

Frame 15: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Mar 26, 2012 11:49:41.809232000 CEST
Epoch Time: 1332755381.809232000 seconds
[Time delta from previous captured frame: 0.000386000 seconds]
[Time delta from previous displayed frame: 0.000386000 seconds]
[Time since reference or first frame: 45.579292000 seconds]
Frame Number: 15
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol Version 4, Src: 188.89.67.221 (188.89.67.221), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0xae18 (44568)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: TCP (6)
Header checksum: 0x2380 [correct]
[Good: True]
[Bad: False]
Source: 188.89.67.221 (188.89.67.221)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 54828 (54828), Dst Port: http (80), Seq: 8796, Ack: 321, Len: 0
Source port: 54828 (54828)
Destination port: http (80)
[Stream index: 1]
Sequence number: 8796 (relative sequence number)
Acknowledgement number: 321 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 49640
[Calculated window size: 49640]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x5aff [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 13]
[The RTT to ACK the segment was: 0.019971000 seconds][/code]

Le MTU ne sert qu’en émission (et pour calculer le MSS annoncé). Même avec un MTU à 1000, l’interface ethernet continue à accepter des paquets de 1500 octets. Mais si tu ne veux pas baisser le MTU tu peux directement diminuer le MSS annoncé par ton serveur, ce qui est le but recherché afin que les clients envoient des segments plus petits. Cela permettra de voir si le problème vient de la taille des paquets.

OK je ne savais pas cette différence. Et pour baisser le MSS je fais comment ? Avec iptables et POSTROUTING ? (Je sens que tu vas me dire que ça ne marchera que sur le routeur cette règle )

Non, ça devrait marcher. A confirmer avec ethereal.

Bon, j’ai examiné la trace détaillé et les paquets marqués [TCP segment of a reassembled PDU] ne sont pas des fragments au sens IP (d’ailleurs les paquets ont le flag “ne pas fragmenter” activé), je pense qu’il s’agit de fragments de blocs de données au sens du protocole HTTP, qu’ethereal ne peut analyser tant qu’il n’a pas reçu le contenu entier de la requête POST.

Une seule chose est à peu près sûre : le client a envoyé des paquets que ton serveur n’a pas reçus. Je dirais 5 : 8796 - 1496 = 7300, or 7300 / 5 = 1460. Mais ça m’embête un peu, parce que si le client a envoyé 5 segments de 1460 octets, il a ignoré le MSS à 1452 annoncé par ton serveur…

Oui je viens de vérifier avec ethereal et la commande marche. J’ai mis un MSS de 1000 puis 576, mais j’ai encore des connexions qui ont des problèmes…

Je vais essayer de capturer une autre séquence d’erreurs…

Avec les captures tu pourras regarder si les clients tiennent compte du MSS réduit ou envoyent des segments plus gros (à condition qu’ils arrivent malgré tout).

Voilà je viens de capturer une autre séquence.
Le MSS est bien comme je l’ai configuré (576) par contre encore des paquest perdus ?

[code]No. Time Source Destination Protocol Length Info New Column
25 833.680189 88.12.46.10 88.190.31.67 TCP 74 46656 > http [SYN] Seq=0 Win=5840 Len=0 MSS=1452 SACK_PERM=1 TSval=1895576 TSecr=0 WS=2 25

Frame 25: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Arrival Time: Apr 14, 2012 18:17:57.840296000 CEST
Epoch Time: 1334420277.840296000 seconds
[Time delta from previous captured frame: 213.542470000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 833.680189000 seconds]
Frame Number: 25
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.12.46.10 (88.12.46.10), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 60
Identification: 0x5f1d (24349)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: TCP (6)
Header checksum: 0xe787 [correct]
[Good: True]
[Bad: False]
Source: 88.12.46.10 (88.12.46.10)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 46656 (46656), Dst Port: http (80), Seq: 0, Len: 0
Source port: 46656 (46656)
Destination port: http (80)
[Stream index: 3]
Sequence number: 0 (relative sequence number)
Header length: 40 bytes
Flags: 0x02 (SYN)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …0 … = Acknowledgement: Not set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
[Message: Connection establish request (SYN): server port http]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size value: 5840
[Calculated window size: 5840]
Checksum: 0x022f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 1452 bytes
TCP SACK Permitted Option: True
Timestamps: TSval 1895576, TSecr 0
Kind: Timestamp (8)
Length: 10
Timestamp value: 1895576
Timestamp echo reply: 0
No-Operation (NOP)
Window scale: 1 (multiply by 2)
Kind: Window Scale (3)
Length: 3
Shift count: 1
[Multiplier: 2]

No. Time Source Destination Protocol Length Info New Column
26 833.680224 88.190.31.67 88.12.46.10 TCP 74 http > 46656 [SYN, ACK] Seq=0 Ack=1 Win=4992 Len=0 MSS=576 SACK_PERM=1 TSval=1213171761 TSecr=1895576 WS=128 26

Frame 26: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Arrival Time: Apr 14, 2012 18:17:57.840331000 CEST
Epoch Time: 1334420277.840331000 seconds
[Time delta from previous captured frame: 0.000035000 seconds]
[Time delta from previous displayed frame: 0.000035000 seconds]
[Time since reference or first frame: 833.680224000 seconds]
Frame Number: 26
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 88.12.46.10 (88.12.46.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 60
Identification: 0x0000 (0)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x3ca5 [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 88.12.46.10 (88.12.46.10)
Transmission Control Protocol, Src Port: http (80), Dst Port: 46656 (46656), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 46656 (46656)
[Stream index: 3]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 40 bytes
Flags: 0x12 (SYN, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
[Message: Connection establish acknowledge (SYN+ACK): server port http]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size value: 4992
[Calculated window size: 4992]
Checksum: 0x7d52 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 576 bytes
TCP SACK Permitted Option: True
Timestamps: TSval 1213171761, TSecr 1895576
Kind: Timestamp (8)
Length: 10
Timestamp value: 1213171761
Timestamp echo reply: 1895576
No-Operation (NOP)
Window scale: 7 (multiply by 128)
Kind: Window Scale (3)
Length: 3
Shift count: 7
[Multiplier: 128]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 25]
[The RTT to ACK the segment was: 0.000035000 seconds]

No. Time Source Destination Protocol Length Info New Column
27 833.714025 88.12.46.10 88.190.31.67 TCP 66 46656 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSval=1895583 TSecr=1213171761 27

Frame 27: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 14, 2012 18:17:57.874132000 CEST
Epoch Time: 1334420277.874132000 seconds
[Time delta from previous captured frame: 0.033801000 seconds]
[Time delta from previous displayed frame: 0.033801000 seconds]
[Time since reference or first frame: 833.714025000 seconds]
Frame Number: 27
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.12.46.10 (88.12.46.10), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0x5f1e (24350)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: TCP (6)
Header checksum: 0xe78e [correct]
[Good: True]
[Bad: False]
Source: 88.12.46.10 (88.12.46.10)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 46656 (46656), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 46656 (46656)
Destination port: http (80)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 2920
[Calculated window size: 5840]
[Window size scaling factor: 2]
Checksum: 0xb0bb [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1895583, TSecr 1213171761
Kind: Timestamp (8)
Length: 10
Timestamp value: 1895583
Timestamp echo reply: 1213171761
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 26]
[The RTT to ACK the segment was: 0.033801000 seconds]

No. Time Source Destination Protocol Length Info New Column
28 833.752469 88.12.46.10 88.190.31.67 TCP 300 [TCP segment of a reassembled PDU] 28

Frame 28: 300 bytes on wire (2400 bits), 300 bytes captured (2400 bits)
Arrival Time: Apr 14, 2012 18:17:57.912576000 CEST
Epoch Time: 1334420277.912576000 seconds
[Time delta from previous captured frame: 0.038444000 seconds]
[Time delta from previous displayed frame: 0.038444000 seconds]
[Time since reference or first frame: 833.752469000 seconds]
Frame Number: 28
Frame Length: 300 bytes (2400 bits)
Capture Length: 300 bytes (2400 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.12.46.10 (88.12.46.10), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 286
Identification: 0x5f1f (24351)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: TCP (6)
Header checksum: 0xe6a3 [correct]
[Good: True]
[Bad: False]
Source: 88.12.46.10 (88.12.46.10)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 46656 (46656), Dst Port: http (80), Seq: 1, Ack: 1, Len: 234
Source port: 46656 (46656)
Destination port: http (80)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
[Next sequence number: 235 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 2920
[Calculated window size: 5840]
[Window size scaling factor: 2]
Checksum: 0x6383 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1895590, TSecr 1213171761
Kind: Timestamp (8)
Length: 10
Timestamp value: 1895590
Timestamp echo reply: 1213171761
[SEQ/ACK analysis]
[Bytes in flight: 234]
TCP segment data (234 bytes)

No. Time Source Destination Protocol Length Info New Column
29 833.752510 88.190.31.67 88.12.46.10 TCP 66 http > 46656 [ACK] Seq=1 Ack=235 Win=6144 Len=0 TSval=1213171779 TSecr=1895590 29

Frame 29: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 14, 2012 18:17:57.912617000 CEST
Epoch Time: 1334420277.912617000 seconds
[Time delta from previous captured frame: 0.000041000 seconds]
[Time delta from previous displayed frame: 0.000041000 seconds]
[Time since reference or first frame: 833.752510000 seconds]
Frame Number: 29
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 88.12.46.10 (88.12.46.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0xa811 (43025)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x949b [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 88.12.46.10 (88.12.46.10)
Transmission Control Protocol, Src Port: http (80), Dst Port: 46656 (46656), Seq: 1, Ack: 235, Len: 0
Source port: http (80)
Destination port: 46656 (46656)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 235 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0xbaf0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1213171779, TSecr 1895590
Kind: Timestamp (8)
Length: 10
Timestamp value: 1213171779
Timestamp echo reply: 1895590
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 28]
[The RTT to ACK the segment was: 0.000041000 seconds]

No. Time Source Destination Protocol Length Info New Column
30 833.759279 88.12.46.10 88.190.31.67 TCP 438 [TCP Previous segment lost] [TCP segment of a reassembled PDU] 30

Frame 30: 438 bytes on wire (3504 bits), 438 bytes captured (3504 bits)
Arrival Time: Apr 14, 2012 18:17:57.919386000 CEST
Epoch Time: 1334420277.919386000 seconds
[Time delta from previous captured frame: 0.006769000 seconds]
[Time delta from previous displayed frame: 0.006769000 seconds]
[Time since reference or first frame: 833.759279000 seconds]
Frame Number: 30
Frame Length: 438 bytes (3504 bits)
Capture Length: 438 bytes (3504 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.12.46.10 (88.12.46.10), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 424
Identification: 0x5f21 (24353)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: TCP (6)
Header checksum: 0xe617 [correct]
[Good: True]
[Bad: False]
Source: 88.12.46.10 (88.12.46.10)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 46656 (46656), Dst Port: http (80), Seq: 1675, Ack: 1, Len: 372
Source port: 46656 (46656)
Destination port: http (80)
[Stream index: 3]
Sequence number: 1675 (relative sequence number)
[Next sequence number: 2047 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 2920
[Calculated window size: 5840]
[Window size scaling factor: 2]
Checksum: 0x2b1e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1895590, TSecr 1213171761
Kind: Timestamp (8)
Length: 10
Timestamp value: 1895590
Timestamp echo reply: 1213171761
[SEQ/ACK analysis]
[TCP Analysis Flags]
[A segment before this frame was lost]
[Expert Info (Warn/Sequence): Previous segment lost (common at capture start)]
[Message: Previous segment lost (common at capture start)]
[Severity level: Warn]
[Group: Sequence]
TCP segment data (372 bytes)

No. Time Source Destination Protocol Length Info New Column
31 833.759310 88.190.31.67 88.12.46.10 TCP 78 [TCP Dup ACK 29#1] http > 46656 [ACK] Seq=1 Ack=235 Win=6144 Len=0 TSval=1213171781 TSecr=1895590 SLE=1675 SRE=2047 31

Frame 31: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Arrival Time: Apr 14, 2012 18:17:57.919417000 CEST
Epoch Time: 1334420277.919417000 seconds
[Time delta from previous captured frame: 0.000031000 seconds]
[Time delta from previous displayed frame: 0.000031000 seconds]
[Time since reference or first frame: 833.759310000 seconds]
Frame Number: 31
Frame Length: 78 bytes (624 bits)
Capture Length: 78 bytes (624 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 88.12.46.10 (88.12.46.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 64
Identification: 0xa812 (43026)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x948e [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 88.12.46.10 (88.12.46.10)
Transmission Control Protocol, Src Port: http (80), Dst Port: 46656 (46656), Seq: 1, Ack: 235, Len: 0
Source port: http (80)
Destination port: 46656 (46656)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 235 (relative ack number)
Header length: 44 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0x5ae8 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1213171781, TSecr 1895590
Kind: Timestamp (8)
Length: 10
Timestamp value: 1213171781
Timestamp echo reply: 1895590
No-Operation (NOP)
No-Operation (NOP)
SACK: 1675-2047
left edge = 1675 (relative)
right edge = 2047 (relative)
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 1]
[Duplicate to the ACK in frame: 29]
[Expert Info (Note/Sequence): Duplicate ACK (#1)]
[Message: Duplicate ACK (#1)]
[Severity level: Note]
[Group: Sequence]

No. Time Source Destination Protocol Length Info New Column
32 853.997445 88.190.31.67 88.12.46.10 HTTP 404 HTTP/1.1 408 Request Timeout 32

Frame 32: 404 bytes on wire (3232 bits), 404 bytes captured (3232 bits)
Arrival Time: Apr 14, 2012 18:18:18.157552000 CEST
Epoch Time: 1334420298.157552000 seconds
[Time delta from previous captured frame: 20.238135000 seconds]
[Time delta from previous displayed frame: 20.238135000 seconds]
[Time since reference or first frame: 853.997445000 seconds]
Frame Number: 32
Frame Length: 404 bytes (3232 bits)
Capture Length: 404 bytes (3232 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:data]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 88.12.46.10 (88.12.46.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 390
Identification: 0xa813 (43027)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x9347 [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 88.12.46.10 (88.12.46.10)
Transmission Control Protocol, Src Port: http (80), Dst Port: 46656 (46656), Seq: 1, Ack: 235, Len: 326
Source port: http (80)
Destination port: 46656 (46656)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
[Next sequence number: 327 (relative sequence number)]
Acknowledgement number: 235 (relative ack number)
Header length: 44 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0xff8f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1213176840, TSecr 1895590
Kind: Timestamp (8)
Length: 10
Timestamp value: 1213176840
Timestamp echo reply: 1895590
No-Operation (NOP)
No-Operation (NOP)
SACK: 1675-2047
left edge = 1675 (relative)
right edge = 2047 (relative)
[SEQ/ACK analysis]
[Bytes in flight: 326]
Hypertext Transfer Protocol
HTTP/1.1 408 Request Timeout\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 408 Request Timeout\r\n]
[Message: HTTP/1.1 408 Request Timeout\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 408
Response Phrase: Request Timeout
Date: Sat, 14 Apr 2012 16:17:57 GMT\r\n
Server: Apache/2.2.16 (Debian)\r\n
X-Powered-By: PHP/5.3.3-7+squeeze8\r\n
Set-Cookie: PHPSESSID=gl7512acak07o1037ecrvo4lp2; path=/\r\n
Vary: Accept-Encoding\r\n
Content-Encoding: gzip\r\n
Content-Length: 20\r\n
[Content length: 20]
Connection: close\r\n
Content-Type: text/html\r\n
\r\n
Content-encoded entity body (gzip): 20 bytes [Error: Decompression failed]
Data (20 bytes)

0000 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 …
0010 00 00 00 00 …
Data: 1f8b080000000000000303000000000000000000
[Length: 20]

No. Time Source Destination Protocol Length Info New Column
33 853.997500 88.190.31.67 88.12.46.10 TCP 78 http > 46656 [FIN, ACK] Seq=327 Ack=235 Win=6144 Len=0 TSval=1213176840 TSecr=1895590 SLE=1675 SRE=2047 33

Frame 33: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Arrival Time: Apr 14, 2012 18:18:18.157607000 CEST
Epoch Time: 1334420298.157607000 seconds
[Time delta from previous captured frame: 0.000055000 seconds]
[Time delta from previous displayed frame: 0.000055000 seconds]
[Time since reference or first frame: 853.997500000 seconds]
Frame Number: 33
Frame Length: 78 bytes (624 bits)
Capture Length: 78 bytes (624 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 88.12.46.10 (88.12.46.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 64
Identification: 0xa814 (43028)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x948c [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 88.12.46.10 (88.12.46.10)
Transmission Control Protocol, Src Port: http (80), Dst Port: 46656 (46656), Seq: 327, Ack: 235, Len: 0
Source port: http (80)
Destination port: 46656 (46656)
[Stream index: 3]
Sequence number: 327 (relative sequence number)
Acknowledgement number: 235 (relative ack number)
Header length: 44 bytes
Flags: 0x11 (FIN, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Message: Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0x45de [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1213176840, TSecr 1895590
Kind: Timestamp (8)
Length: 10
Timestamp value: 1213176840
Timestamp echo reply: 1895590
No-Operation (NOP)
No-Operation (NOP)
SACK: 1675-2047
left edge = 1675 (relative)
right edge = 2047 (relative)

No. Time Source Destination Protocol Length Info New Column
34 854.043875 88.12.46.10 88.190.31.67 TCP 66 46656 > http [ACK] Seq=2047 Ack=327 Win=6912 Len=0 TSval=1899648 TSecr=1213176840 34

Frame 34: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 14, 2012 18:18:18.203982000 CEST
Epoch Time: 1334420298.203982000 seconds
[Time delta from previous captured frame: 0.046375000 seconds]
[Time delta from previous displayed frame: 0.046375000 seconds]
[Time since reference or first frame: 854.043875000 seconds]
Frame Number: 34
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.12.46.10 (88.12.46.10), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0x5f28 (24360)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: TCP (6)
Header checksum: 0xe784 [correct]
[Good: True]
[Bad: False]
Source: 88.12.46.10 (88.12.46.10)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 46656 (46656), Dst Port: http (80), Seq: 2047, Ack: 327, Len: 0
Source port: 46656 (46656)
Destination port: http (80)
[Stream index: 3]
Sequence number: 2047 (relative sequence number)
Acknowledgement number: 327 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 3456
[Calculated window size: 6912]
[Window size scaling factor: 2]
Checksum: 0x81a7 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1899648, TSecr 1213176840
Kind: Timestamp (8)
Length: 10
Timestamp value: 1899648
Timestamp echo reply: 1213176840
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 32]
[The RTT to ACK the segment was: 0.046430000 seconds]

No. Time Source Destination Protocol Length Info New Column
35 854.084740 88.12.46.10 88.190.31.67 TCP 66 46656 > http [ACK] Seq=2047 Ack=328 Win=6912 Len=0 TSval=1899657 TSecr=1213176840 35

Frame 35: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 14, 2012 18:18:18.244847000 CEST
Epoch Time: 1334420298.244847000 seconds
[Time delta from previous captured frame: 0.040865000 seconds]
[Time delta from previous displayed frame: 0.040865000 seconds]
[Time since reference or first frame: 854.084740000 seconds]
Frame Number: 35
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.12.46.10 (88.12.46.10), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0x5f29 (24361)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: TCP (6)
Header checksum: 0xe783 [correct]
[Good: True]
[Bad: False]
Source: 88.12.46.10 (88.12.46.10)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 46656 (46656), Dst Port: http (80), Seq: 2047, Ack: 328, Len: 0
Source port: 46656 (46656)
Destination port: http (80)
[Stream index: 3]
Sequence number: 2047 (relative sequence number)
Acknowledgement number: 328 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 3456
[Calculated window size: 6912]
[Window size scaling factor: 2]
Checksum: 0x819d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1899657, TSecr 1213176840
Kind: Timestamp (8)
Length: 10
Timestamp value: 1899657
Timestamp echo reply: 1213176840
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 33]
[The RTT to ACK the segment was: 0.087240000 seconds]

No. Time Source Destination Protocol Length Info New Column
36 854.099020 88.12.46.10 88.190.31.67 TCP 66 46656 > http [FIN, ACK] Seq=2047 Ack=328 Win=6912 Len=0 TSval=1899659 TSecr=1213176840 36

Frame 36: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 14, 2012 18:18:18.259127000 CEST
Epoch Time: 1334420298.259127000 seconds
[Time delta from previous captured frame: 0.014280000 seconds]
[Time delta from previous displayed frame: 0.014280000 seconds]
[Time since reference or first frame: 854.099020000 seconds]
Frame Number: 36
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.12.46.10 (88.12.46.10), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0x5f2a (24362)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: TCP (6)
Header checksum: 0xe782 [correct]
[Good: True]
[Bad: False]
Source: 88.12.46.10 (88.12.46.10)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 46656 (46656), Dst Port: http (80), Seq: 2047, Ack: 328, Len: 0
Source port: 46656 (46656)
Destination port: http (80)
[Stream index: 3]
Sequence number: 2047 (relative sequence number)
Acknowledgement number: 328 (relative ack number)
Header length: 32 bytes
Flags: 0x11 (FIN, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Message: Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
Window size value: 3456
[Calculated window size: 6912]
[Window size scaling factor: 2]
Checksum: 0x819a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1899659, TSecr 1213176840
Kind: Timestamp (8)
Length: 10
Timestamp value: 1899659
Timestamp echo reply: 1213176840

No. Time Source Destination Protocol Length Info New Column
37 854.099041 88.190.31.67 88.12.46.10 TCP 78 [TCP Dup ACK 33#1] http > 46656 [ACK] Seq=328 Ack=235 Win=6144 Len=0 TSval=1213176866 TSecr=1895590 SLE=1675 SRE=2048 37

Frame 37: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Arrival Time: Apr 14, 2012 18:18:18.259148000 CEST
Epoch Time: 1334420298.259148000 seconds
[Time delta from previous captured frame: 0.000021000 seconds]
[Time delta from previous displayed frame: 0.000021000 seconds]
[Time since reference or first frame: 854.099041000 seconds]
Frame Number: 37
Frame Length: 78 bytes (624 bits)
Capture Length: 78 bytes (624 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff), Dst: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Destination: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 88.12.46.10 (88.12.46.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 64
Identification: 0xa815 (43029)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x948b [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 88.12.46.10 (88.12.46.10)
Transmission Control Protocol, Src Port: http (80), Dst Port: 46656 (46656), Seq: 328, Ack: 235, Len: 0
Source port: http (80)
Destination port: 46656 (46656)
[Stream index: 3]
Sequence number: 328 (relative sequence number)
Acknowledgement number: 235 (relative ack number)
Header length: 44 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0x45c3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1213176866, TSecr 1895590
Kind: Timestamp (8)
Length: 10
Timestamp value: 1213176866
Timestamp echo reply: 1895590
No-Operation (NOP)
No-Operation (NOP)
SACK: 1675-2048
left edge = 1675 (relative)
right edge = 2048 (relative)
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 1]
[Duplicate to the ACK in frame: 33]
[Expert Info (Note/Sequence): Duplicate ACK (#1)]
[Message: Duplicate ACK (#1)]
[Severity level: Note]
[Group: Sequence][/code]

A première vue, il manque 1440 octets (1675-235) de données entre les segments des paquets n° 28 et 30 émis par le client. Si ces données ont été envoyées dans un seul segment (sauf erreur c’est la taille de segment maximum que peut envoyer le client compte tenu du MSS qu’il a annoncé et des options), alors cela signifie qu’il n’a pas tenu compte du MSS annoncé par ton serveur. Dans ce cas, je ne vois pas trop quoi faire à part baisser la taille de fenêtre TCP à une valeur abominablement basse pour empêcher l’émetteur d’envoyer trop de données à la fois, ce qui induirait probablement des performances abominablement mauvaises aussi…

OK merci Pascal …

Ce matin, un utilisateur a le même problème et ensuite je recois des [RST,ACK] toutes les 20 secondes.
Est-ce ça veut dire quelquechose ?

[code]No. Time Source Destination Protocol Length Info New Column
1 0.000000 92.157.22.194 88.190.31.67 TCP 60 56370 > http [RST, ACK] Seq=1 Ack=1 Win=65535 Len=0 1

Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Apr 15, 2012 11:12:23.858602000 CEST
Epoch Time: 1334481143.858602000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol Version 4, Src: 92.157.22.194 (92.157.22.194), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0xe0f8 (57592)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x7a77 [correct]
[Good: True]
[Bad: False]
Source: 92.157.22.194 (92.157.22.194)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 56370 (56370), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 56370 (56370)
Destination port: http (80)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .1… = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x8951 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info New Column
2 20.321973 92.157.22.194 88.190.31.67 TCP 60 56371 > http [RST, ACK] Seq=1 Ack=1 Win=65535 Len=0 2

Frame 2: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Apr 15, 2012 11:12:44.180575000 CEST
Epoch Time: 1334481164.180575000 seconds
[Time delta from previous captured frame: 20.321973000 seconds]
[Time delta from previous displayed frame: 20.321973000 seconds]
[Time since reference or first frame: 20.321973000 seconds]
Frame Number: 2
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol Version 4, Src: 92.157.22.194 (92.157.22.194), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x51c4 (20932)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x09ac [correct]
[Good: True]
[Bad: False]
Source: 92.157.22.194 (92.157.22.194)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 56371 (56371), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 56371 (56371)
Destination port: http (80)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .1… = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x56a6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info New Column
3 40.942129 92.157.22.194 88.190.31.67 TCP 60 56384 > http [RST, ACK] Seq=1 Ack=1 Win=65535 Len=0 3

Frame 3: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Apr 15, 2012 11:13:04.800731000 CEST
Epoch Time: 1334481184.800731000 seconds
[Time delta from previous captured frame: 20.620156000 seconds]
[Time delta from previous displayed frame: 20.620156000 seconds]
[Time since reference or first frame: 40.942129000 seconds]
Frame Number: 3
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol Version 4, Src: 92.157.22.194 (92.157.22.194), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0xad9d (44445)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xadd2 [correct]
[Good: True]
[Bad: False]
Source: 92.157.22.194 (92.157.22.194)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 56384 (56384), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 56384 (56384)
Destination port: http (80)
[Stream index: 2]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .1… = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x075e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info New Column
4 61.260952 92.157.22.194 88.190.31.67 TCP 60 56385 > http [RST, ACK] Seq=1 Ack=1 Win=65535 Len=0 4

Frame 4: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Apr 15, 2012 11:13:25.119554000 CEST
Epoch Time: 1334481205.119554000 seconds
[Time delta from previous captured frame: 20.318823000 seconds]
[Time delta from previous displayed frame: 20.318823000 seconds]
[Time since reference or first frame: 61.260952000 seconds]
Frame Number: 4
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol Version 4, Src: 92.157.22.194 (92.157.22.194), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x40bf (16575)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x1ab1 [correct]
[Good: True]
[Bad: False]
Source: 92.157.22.194 (92.157.22.194)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 56385 (56385), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 56385 (56385)
Destination port: http (80)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .1… = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x6857 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info New Column
5 81.783860 92.157.22.194 88.190.31.67 TCP 60 56406 > http [RST, ACK] Seq=1 Ack=1 Win=65535 Len=0 5

Frame 5: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Apr 15, 2012 11:13:45.642462000 CEST
Epoch Time: 1334481225.642462000 seconds
[Time delta from previous captured frame: 20.522908000 seconds]
[Time delta from previous displayed frame: 20.522908000 seconds]
[Time since reference or first frame: 81.783860000 seconds]
Frame Number: 5
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol Version 4, Src: 92.157.22.194 (92.157.22.194), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x7fe3 (32739)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xdb8c [correct]
[Good: True]
[Bad: False]
Source: 92.157.22.194 (92.157.22.194)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 56406 (56406), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 56406 (56406)
Destination port: http (80)
[Stream index: 4]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .1… = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x252c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info New Column
6 102.302242 92.157.22.194 88.190.31.67 TCP 60 56407 > http [RST, ACK] Seq=1 Ack=1 Win=65535 Len=0 6

Frame 6: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Apr 15, 2012 11:14:06.160844000 CEST
Epoch Time: 1334481246.160844000 seconds
[Time delta from previous captured frame: 20.518382000 seconds]
[Time delta from previous displayed frame: 20.518382000 seconds]
[Time since reference or first frame: 102.302242000 seconds]
Frame Number: 6
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol Version 4, Src: 92.157.22.194 (92.157.22.194), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x7bb7 (31671)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0xdfb8 [correct]
[Good: True]
[Bad: False]
Source: 92.157.22.194 (92.157.22.194)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 56407 (56407), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 56407 (56407)
Destination port: http (80)
[Stream index: 5]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .1… = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x7898 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info New Column
7 122.620321 92.157.22.194 88.190.31.67 TCP 60 56410 > http [RST, ACK] Seq=1 Ack=1 Win=65535 Len=0 7

Frame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Apr 15, 2012 11:14:26.478923000 CEST
Epoch Time: 1334481266.478923000 seconds
[Time delta from previous captured frame: 20.318079000 seconds]
[Time delta from previous displayed frame: 20.318079000 seconds]
[Time since reference or first frame: 122.620321000 seconds]
Frame Number: 7
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: Cisco_f6:94:7f (00:25:45:f6:94:7f), Dst: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Destination: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
Address: Dell_e4:4a:ff (bc:30:5b:e4:4a:ff)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Source: Cisco_f6:94:7f (00:25:45:f6:94:7f)
Address: Cisco_f6:94:7f (00:25:45:f6:94:7f)
… …0 … … … … = IG bit: Individual address (unicast)
… …0. … … … … = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol Version 4, Src: 92.157.22.194 (92.157.22.194), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 40
Identification: 0x18d9 (6361)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: TCP (6)
Header checksum: 0x4297 [correct]
[Good: True]
[Bad: False]
Source: 92.157.22.194 (92.157.22.194)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 56410 (56410), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 56410 (56410)
Destination port: http (80)
[Stream index: 6]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .1… = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x4441 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False][/code]

Quand on voit passer un RST, c’est que la connexion TCP est interrompue. Si problème il y a, il s’est passé avant.

Je note juste que 92.157.22.194 est une adresse de connexion ADSL Orange, pas de téléphonie mobile.

Oui tu as raison ce n’est pas un téléphone, il a synchronisé son Thunderbird de son ordinateur.
Je vais essayé de prendre contact avec lui. A ton avis quels tests je peux lui demander de faire ? Il faut capturer les données qui sont envoyés au serveur et comparer avec ce que je captures sur le serveur ?

Oui les RST sont envoyés après le problème.

Une capture de paquets de son côté serait l’idéal.
Tu pourrais aussi lui demander de diminuer le MTU de son ordinateur pour tester si ça fait une différence.
Mais autant je peux envisager que les piles TCP/IP des OS de téléphone mobile se comportent de façon un peu “exotique”, autant je serais surpris que celles des OS d’ordinateur les plus répandus ne respectent pas le MSS envoyé par l’autre côté.