Problème MTU / MSS ?

Voilà je viens de les récupérer (j’ai trop de la chance que l’utilisateur ait pu le faire !)

Donc les paquets sont retransmis plusieurs fois, et le serveur ne les reçoit pas…
Le MSS n’est pas le même dans la trame 1 et 2 (MSS configuré avec iptables=576). Est-ce que c’est Orange qui les modifie ???

Coté client: (le fichier en entier ici: http://www.memotoo.com/capture_ethereal_2012-04-15_client1.txt)

[code]No. Time Source Destination Protocol Length Info New Column
1 0.000000 192.168.0.1 88.190.31.67 TCP 78 50376 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=8 TSval=622344802 TSecr=0 SACK_PERM=1 1

Frame 1: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Arrival Time: Apr 15, 2012 18:03:47.375838000 CEST
Epoch Time: 1334505827.375838000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 78 bytes (624 bits)
Capture Length: 78 bytes (624 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 64
Identification: 0xb72c (46892)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x497f [correct]
[Good: True]
[Bad: False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 0, Len: 0
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 0 (relative sequence number)
Header length: 44 bytes
Flags: 0x02 (SYN)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …0 … = Acknowledgement: Not set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
[Message: Connection establish request (SYN): server port http]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
Checksum: 0x2ed7 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
Maximum segment size: 1460 bytes
No-Operation (NOP)
Window scale: 3 (multiply by 8)
Kind: Window Scale (3)
Length: 3
Shift count: 3
[Multiplier: 8]
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344802, TSecr 0
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344802
Timestamp echo reply: 0
TCP SACK Permitted Option: True
End of Option List (EOL)

No. Time Source Destination Protocol Length Info New Column
2 0.047724 88.190.31.67 192.168.0.1 TCP 74 http > 50376 [SYN, ACK] Seq=0 Ack=1 Win=4992 Len=0 MSS=1452 SACK_PERM=1 TSval=1234556598 TSecr=622344802 WS=128 2

Frame 2: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Arrival Time: Apr 15, 2012 18:03:47.423562000 CEST
Epoch Time: 1334505827.423562000 seconds
[Time delta from previous captured frame: 0.047724000 seconds]
[Time delta from previous displayed frame: 0.047724000 seconds]
[Time since reference or first frame: 0.047724000 seconds]
Frame Number: 2
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 60
Identification: 0x0000 (0)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 51
Protocol: TCP (6)
Header checksum: 0x0db0 [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: http (80), Dst Port: 50376 (50376), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 50376 (50376)
[Stream index: 0]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 40 bytes
Flags: 0x12 (SYN, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
[Message: Connection establish acknowledge (SYN+ACK): server port http]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size value: 4992
[Calculated window size: 4992]
Checksum: 0x7106 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 1452 bytes
TCP SACK Permitted Option: True
Timestamps: TSval 1234556598, TSecr 622344802
Kind: Timestamp (8)
Length: 10
Timestamp value: 1234556598
Timestamp echo reply: 622344802
No-Operation (NOP)
Window scale: 7 (multiply by 128)
Kind: Window Scale (3)
Length: 3
Shift count: 7
[Multiplier: 128]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1]
[The RTT to ACK the segment was: 0.047724000 seconds]

No. Time Source Destination Protocol Length Info New Column
3 0.047767 192.168.0.1 88.190.31.67 TCP 66 50376 > http [ACK] Seq=1 Ack=1 Win=524280 Len=0 TSval=622344803 TSecr=1234556598 3

Frame 3: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 15, 2012 18:03:47.423605000 CEST
Epoch Time: 1334505827.423605000 seconds
[Time delta from previous captured frame: 0.000043000 seconds]
[Time delta from previous displayed frame: 0.000043000 seconds]
[Time since reference or first frame: 0.047767000 seconds]
Frame Number: 3
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0xd26c (53868)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x2e4b [correct]
[Good: True]
[Bad: False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 524280]
[Window size scaling factor: 8]
Checksum: 0xb349 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344803, TSecr 1234556598
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344803
Timestamp echo reply: 1234556598
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 2]
[The RTT to ACK the segment was: 0.000043000 seconds]

No. Time Source Destination Protocol Length Info New Column
4 0.047878 192.168.0.1 88.190.31.67 TCP 548 [TCP segment of a reassembled PDU] 4

Frame 4: 548 bytes on wire (4384 bits), 548 bytes captured (4384 bits)
Arrival Time: Apr 15, 2012 18:03:47.423716000 CEST
Epoch Time: 1334505827.423716000 seconds
[Time delta from previous captured frame: 0.000111000 seconds]
[Time delta from previous displayed frame: 0.000111000 seconds]
[Time since reference or first frame: 0.047878000 seconds]
Frame Number: 4
Frame Length: 548 bytes (4384 bits)
Capture Length: 548 bytes (4384 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst: 88.190.31.67 (88.190.31.67)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 534
Identification: 0x8411 (33809)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x7ac4 [correct]
[Good: True]
[Bad: False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 88.190.31.67 (88.190.31.67)
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 1, Ack: 1, Len: 482
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 483 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 524280]
[Window size scaling factor: 8]
Checksum: 0xc9d5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344803, TSecr 1234556598
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344803
Timestamp echo reply: 1234556598
[SEQ/ACK analysis]
[Bytes in flight: 482]
TCP segment data (482 bytes)

No. Time Source Destination Protocol Length Info New Column
5 0.103071 88.190.31.67 192.168.0.1 TCP 66 http > 50376 [ACK] Seq=1 Ack=483 Win=6144 Len=0 TSval=1234556611 TSecr=622344803 5

Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 15, 2012 18:03:47.478909000 CEST
Epoch Time: 1334505827.478909000 seconds
[Time delta from previous captured frame: 0.055193000 seconds]
[Time delta from previous displayed frame: 0.055193000 seconds]
[Time since reference or first frame: 0.103071000 seconds]
Frame Number: 5
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Internet Protocol Version 4, Src: 88.190.31.67 (88.190.31.67), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 52
Identification: 0xbb0a (47882)
Flags: 0x02 (Don’t Fragment)
0… … = Reserved bit: Not set
.1… … = Don’t fragment: Set
…0. … = More fragments: Not set
Fragment offset: 0
Time to live: 51
Protocol: TCP (6)
Header checksum: 0x52ad [correct]
[Good: True]
[Bad: False]
Source: 88.190.31.67 (88.190.31.67)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: http (80), Dst Port: 50376 (50376), Seq: 1, Ack: 483, Len: 0
Source port: http (80)
Destination port: 50376 (50376)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 483 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0xb12a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1234556611, TSecr 622344803
Kind: Timestamp (8)
Length: 10
Timestamp value: 1234556611
Timestamp echo reply: 622344803
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 4]
[The RTT to ACK the segment was: 0.055193000 seconds]

No. Time Source Destination Protocol Length Info New Column
6 0.103116 192.168.0.1 88.190.31.67 HTTP 1373 POST / HTTP/1.1 (application/vnd.syncml+xml) 6

Frame 6: 1373 bytes on wire (10984 bits), 1373 bytes captured (10984 bits)
Arrival Time: Apr 15, 2012 18:03:47.478954000 CEST
Epoch Time: 1334505827.478954000 seconds
[Time delta from previous captured frame: 0.000045000 seconds]
[Time delta from previous displayed frame: 0.000045000 seconds]
[Time since reference or first frame: 0.103116000 seconds]
Frame Number: 6
Frame Length: 1373 bytes (10984 bits)
Capture Length: 1373 bytes (10984 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:media]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 483, Ack: 1, Len: 1307
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 483 (relative sequence number)
[Next sequence number: 1790 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 524280]
[Window size scaling factor: 8]
Checksum: 0xb6cd [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344803, TSecr 1234556611
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344803
Timestamp echo reply: 1234556611
[SEQ/ACK analysis]
[Bytes in flight: 1307]
TCP segment data (1307 bytes)
[11 Reassembled TCP Segments (1789 bytes): #4(482), #6(1307), #7(1307), #8(1307), #9(1307), #10(1307), #19(1307), #22(1307), #23(1307), #24(1307), #25(1307)]
[Frame: 4, payload: 0-481 (482 bytes)]
[Frame: 6, payload: 482-1788 (1307 bytes)]
[Frame: 7, payload: 482-1788 (1307 bytes)]
[Segment overlap: True]
[Frame: 8, payload: 482-1788 (1307 bytes)]
[Segment overlap: True]
[Frame: 9, payload: 482-1788 (1307 bytes)]
[Segment overlap: True]
[Frame: 10, payload: 482-1788 (1307 bytes)]
[Segment overlap: True]
[Frame: 19, payload: 482-1788 (1307 bytes)]
[Segment overlap: True]
[Frame: 22, payload: 482-1788 (1307 bytes)]
[Segment overlap: True]
[Frame: 23, payload: 482-1788 (1307 bytes)]
[Segment overlap: True]
[Frame: 24, payload: 482-1788 (1307 bytes)]
[Segment overlap: True]
[Frame: 25, payload: 482-1788 (1307 bytes)]
[Segment overlap: True]
[Segment count: 11]
[Reassembled TCP length: 1789]
Hypertext Transfer Protocol
POST / HTTP/1.1\r\n
[Expert Info (Chat/Sequence): POST / HTTP/1.1\r\n]
[Message: POST / HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: POST
Request URI: /
Request Version: HTTP/1.1
Host: sync.memotoo.com\r\n
User-Agent: Funambol Mozilla Sync Client v0.9.1\r\n
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5\r\n
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 300\r\n
Connection: keep-alive\r\n
Content-Type: application/vnd.syncml+xml\r\n
Content-Length: 1307\r\n
[Content length: 1307]
Pragma: no-cache\r\n
Cache-Control: no-cache\r\n
\r\n
[Full request URI: http://sync.memotoo.com/]
Media Type
Media Type: application/vnd.syncml+xml (1307 bytes)

No. Time Source Destination Protocol Length Info New Column
7 1.045730 192.168.0.1 88.190.31.67 TCP 1373 [TCP Retransmission] [TCP segment of a reassembled PDU] 7

Frame 7: 1373 bytes on wire (10984 bits), 1373 bytes captured (10984 bits)
Arrival Time: Apr 15, 2012 18:03:48.421568000 CEST
Epoch Time: 1334505828.421568000 seconds
[Time delta from previous captured frame: 0.942614000 seconds]
[Time delta from previous displayed frame: 0.942614000 seconds]
[Time since reference or first frame: 1.045730000 seconds]
Frame Number: 7
Frame Length: 1373 bytes (10984 bits)
Capture Length: 1373 bytes (10984 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 483, Ack: 1, Len: 1307
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 483 (relative sequence number)
[Next sequence number: 1790 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 524280]
[Window size scaling factor: 8]
Checksum: 0xb6c4 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344812, TSecr 1234556611
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344812
Timestamp echo reply: 1234556611
[SEQ/ACK analysis]
[Bytes in flight: 1307]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[Expert Info (Note/Sequence): Retransmission (suspected)]
[Message: Retransmission (suspected)]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 0.942614000 seconds]
[RTO based on delta from frame: 6]
[Reassembled PDU in frame: 6]
TCP segment data (1307 bytes)

No. Time Source Destination Protocol Length Info New Column
8 3.048021 192.168.0.1 88.190.31.67 TCP 1373 [TCP Retransmission] [TCP segment of a reassembled PDU] 8

Frame 8: 1373 bytes on wire (10984 bits), 1373 bytes captured (10984 bits)
Arrival Time: Apr 15, 2012 18:03:50.423859000 CEST
Epoch Time: 1334505830.423859000 seconds
[Time delta from previous captured frame: 2.002291000 seconds]
[Time delta from previous displayed frame: 2.002291000 seconds]
[Time since reference or first frame: 3.048021000 seconds]
Frame Number: 8
Frame Length: 1373 bytes (10984 bits)
Capture Length: 1373 bytes (10984 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 483, Ack: 1, Len: 1307
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 483 (relative sequence number)
[Next sequence number: 1790 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 524280]
[Window size scaling factor: 8]
Checksum: 0xb6b0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344832, TSecr 1234556611
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344832
Timestamp echo reply: 1234556611
[SEQ/ACK analysis]
[Bytes in flight: 1307]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[Expert Info (Note/Sequence): Retransmission (suspected)]
[Message: Retransmission (suspected)]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 2.944905000 seconds]
[RTO based on delta from frame: 6]
[Reassembled PDU in frame: 6]
TCP segment data (1307 bytes)

No. Time Source Destination Protocol Length Info New Column
9 7.050827 192.168.0.1 88.190.31.67 TCP 1373 [TCP Retransmission] [TCP segment of a reassembled PDU] 9

Frame 9: 1373 bytes on wire (10984 bits), 1373 bytes captured (10984 bits)
Arrival Time: Apr 15, 2012 18:03:54.426665000 CEST
Epoch Time: 1334505834.426665000 seconds
[Time delta from previous captured frame: 4.002806000 seconds]
[Time delta from previous displayed frame: 4.002806000 seconds]
[Time since reference or first frame: 7.050827000 seconds]
Frame Number: 9
Frame Length: 1373 bytes (10984 bits)
Capture Length: 1373 bytes (10984 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 483, Ack: 1, Len: 1307
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 483 (relative sequence number)
[Next sequence number: 1790 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 524280]
[Window size scaling factor: 8]
Checksum: 0xb688 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344872, TSecr 1234556611
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344872
Timestamp echo reply: 1234556611
[SEQ/ACK analysis]
[Bytes in flight: 1307]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[Expert Info (Note/Sequence): Retransmission (suspected)]
[Message: Retransmission (suspected)]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 6.947711000 seconds]
[RTO based on delta from frame: 6]
[Reassembled PDU in frame: 6]
TCP segment data (1307 bytes)

No. Time Source Destination Protocol Length Info New Column
10 15.056194 192.168.0.1 88.190.31.67 TCP 1373 [TCP Retransmission] [TCP segment of a reassembled PDU] 10

Frame 10: 1373 bytes on wire (10984 bits), 1373 bytes captured (10984 bits)
Arrival Time: Apr 15, 2012 18:04:02.432032000 CEST
Epoch Time: 1334505842.432032000 seconds
[Time delta from previous captured frame: 8.005367000 seconds]
[Time delta from previous displayed frame: 8.005367000 seconds]
[Time since reference or first frame: 15.056194000 seconds]
Frame Number: 10
Frame Length: 1373 bytes (10984 bits)
Capture Length: 1373 bytes (10984 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 483, Ack: 1, Len: 1307
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 483 (relative sequence number)
[Next sequence number: 1790 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 524280]
[Window size scaling factor: 8]
Checksum: 0xb638 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344952, TSecr 1234556611
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344952
Timestamp echo reply: 1234556611
[SEQ/ACK analysis]
[Bytes in flight: 1307]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[Expert Info (Note/Sequence): Retransmission (suspected)]
[Message: Retransmission (suspected)]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 14.953078000 seconds]
[RTO based on delta from frame: 6]
[Reassembled PDU in frame: 6]
TCP segment data (1307 bytes)

No. Time Source Destination Protocol Length Info New Column
11 20.359684 88.190.31.67 192.168.0.1 HTTP 392 HTTP/1.1 408 Request Timeout 11

Frame 11: 392 bytes on wire (3136 bits), 392 bytes captured (3136 bits)
Arrival Time: Apr 15, 2012 18:04:07.735522000 CEST
Epoch Time: 1334505847.735522000 seconds
[Time delta from previous captured frame: 5.303490000 seconds]
[Time delta from previous displayed frame: 5.303490000 seconds]
[Time since reference or first frame: 20.359684000 seconds]
Frame Number: 11
Frame Length: 392 bytes (3136 bits)
Capture Length: 392 bytes (3136 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:data]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Transmission Control Protocol, Src Port: http (80), Dst Port: 50376 (50376), Seq: 1, Ack: 483, Len: 326
Source port: http (80)
Destination port: 50376 (50376)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 327 (relative sequence number)]
Acknowledgement number: 483 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0x2c16 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1234561620, TSecr 622344803
Kind: Timestamp (8)
Length: 10
Timestamp value: 1234561620
Timestamp echo reply: 622344803
[SEQ/ACK analysis]
[Bytes in flight: 326]
Hypertext Transfer Protocol
HTTP/1.1 408 Request Timeout\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 408 Request Timeout\r\n]
[Message: HTTP/1.1 408 Request Timeout\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 408
Response Phrase: Request Timeout
Date: Sun, 15 Apr 2012 16:03:37 GMT\r\n
Server: Apache/2.2.16 (Debian)\r\n
X-Powered-By: PHP/5.3.3-7+squeeze8\r\n
Set-Cookie: PHPSESSID=gqrikpeq1ctv6381p5n1kt0o10; path=/\r\n
Vary: Accept-Encoding\r\n
Content-Encoding: gzip\r\n
Content-Length: 20\r\n
[Content length: 20]
Connection: close\r\n
Content-Type: text/html\r\n
\r\n
Content-encoded entity body (gzip): 20 bytes [Error: Decompression failed]
Data (20 bytes)

0000 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 …
0010 00 00 00 00 …
Data: 1f8b080000000000000303000000000000000000
[Length: 20]

No. Time Source Destination Protocol Length Info New Column
12 20.359733 192.168.0.1 88.190.31.67 TCP 66 50376 > http [ACK] Seq=1790 Ack=327 Win=524280 Len=0 TSval=622345005 TSecr=1234561620 12[/code]

Coté serveur: (le fichier en entier ici: http://www.memotoo.com/capture_ethereal_2012-04-15_memotoo1.txt)

[code]No. Time Source Destination Protocol Length Info New Column
1 0.000000 92.157.22.194 88.190.31.67 TCP 78 50376 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1452 WS=8 TSval=622344802 TSecr=0 SACK_PERM=1 1

Frame 1: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Arrival Time: Apr 15, 2012 18:03:37.186863000 CEST
Epoch Time: 1334505817.186863000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 78 bytes (624 bits)
Capture Length: 78 bytes (624 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 0, Len: 0
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 0 (relative sequence number)
Header length: 44 bytes
Flags: 0x02 (SYN)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …0 … = Acknowledgement: Not set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
[Message: Connection establish request (SYN): server port http]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 65535]
Checksum: 0x7d8b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
Maximum segment size: 1452 bytes
No-Operation (NOP)
Window scale: 3 (multiply by 8)
Kind: Window Scale (3)
Length: 3
Shift count: 3
[Multiplier: 8]
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344802, TSecr 0
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344802
Timestamp echo reply: 0
TCP SACK Permitted Option: True
End of Option List (EOL)

No. Time Source Destination Protocol Length Info New Column
2 0.000048 88.190.31.67 92.157.22.194 TCP 74 http > 50376 [SYN, ACK] Seq=0 Ack=1 Win=4992 Len=0 MSS=576 SACK_PERM=1 TSval=1234556598 TSecr=622344802 WS=128 2

Frame 2: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Arrival Time: Apr 15, 2012 18:03:37.186911000 CEST
Epoch Time: 1334505817.186911000 seconds
[Time delta from previous captured frame: 0.000048000 seconds]
[Time delta from previous displayed frame: 0.000048000 seconds]
[Time since reference or first frame: 0.000048000 seconds]
Frame Number: 2
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Transmission Control Protocol, Src Port: http (80), Dst Port: 50376 (50376), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 50376 (50376)
[Stream index: 0]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 40 bytes
Flags: 0x12 (SYN, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
[Message: Connection establish acknowledge (SYN+ACK): server port http]
[Severity level: Chat]
[Group: Sequence]
… … …0 = Fin: Not set
Window size value: 4992
[Calculated window size: 4992]
Checksum: 0xc31e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 576 bytes
TCP SACK Permitted Option: True
Timestamps: TSval 1234556598, TSecr 622344802
Kind: Timestamp (8)
Length: 10
Timestamp value: 1234556598
Timestamp echo reply: 622344802
No-Operation (NOP)
Window scale: 7 (multiply by 128)
Kind: Window Scale (3)
Length: 3
Shift count: 7
[Multiplier: 128]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1]
[The RTT to ACK the segment was: 0.000048000 seconds]

No. Time Source Destination Protocol Length Info New Column
3 0.044746 92.157.22.194 88.190.31.67 TCP 66 50376 > http [ACK] Seq=1 Ack=1 Win=524280 Len=0 TSval=622344803 TSecr=1234556598 3

Frame 3: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 15, 2012 18:03:37.231609000 CEST
Epoch Time: 1334505817.231609000 seconds
[Time delta from previous captured frame: 0.044698000 seconds]
[Time delta from previous displayed frame: 0.044698000 seconds]
[Time since reference or first frame: 0.044746000 seconds]
Frame Number: 3
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 524280]
[Window size scaling factor: 8]
Checksum: 0x01f6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344803, TSecr 1234556598
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344803
Timestamp echo reply: 1234556598
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 2]
[The RTT to ACK the segment was: 0.044698000 seconds]

No. Time Source Destination Protocol Length Info New Column
4 0.054763 92.157.22.194 88.190.31.67 TCP 548 [TCP segment of a reassembled PDU] 4

Frame 4: 548 bytes on wire (4384 bits), 548 bytes captured (4384 bits)
Arrival Time: Apr 15, 2012 18:03:37.241626000 CEST
Epoch Time: 1334505817.241626000 seconds
[Time delta from previous captured frame: 0.010017000 seconds]
[Time delta from previous displayed frame: 0.010017000 seconds]
[Time since reference or first frame: 0.054763000 seconds]
Frame Number: 4
Frame Length: 548 bytes (4384 bits)
Capture Length: 548 bytes (4384 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Transmission Control Protocol, Src Port: 50376 (50376), Dst Port: http (80), Seq: 1, Ack: 1, Len: 482
Source port: 50376 (50376)
Destination port: http (80)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 483 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 65535
[Calculated window size: 524280]
[Window size scaling factor: 8]
Checksum: 0x1882 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 622344803, TSecr 1234556598
Kind: Timestamp (8)
Length: 10
Timestamp value: 622344803
Timestamp echo reply: 1234556598
[SEQ/ACK analysis]
[Bytes in flight: 482]
TCP segment data (482 bytes)

No. Time Source Destination Protocol Length Info New Column
5 0.054801 88.190.31.67 92.157.22.194 TCP 66 http > 50376 [ACK] Seq=1 Ack=483 Win=6144 Len=0 TSval=1234556611 TSecr=622344803 5

Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 15, 2012 18:03:37.241664000 CEST
Epoch Time: 1334505817.241664000 seconds
[Time delta from previous captured frame: 0.000038000 seconds]
[Time delta from previous displayed frame: 0.000038000 seconds]
[Time since reference or first frame: 0.054801000 seconds]
Frame Number: 5
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Transmission Control Protocol, Src Port: http (80), Dst Port: 50376 (50376), Seq: 1, Ack: 483, Len: 0
Source port: http (80)
Destination port: 50376 (50376)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 483 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0xffd6 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1234556611, TSecr 622344803
Kind: Timestamp (8)
Length: 10
Timestamp value: 1234556611
Timestamp echo reply: 622344803
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 4]
[The RTT to ACK the segment was: 0.000038000 seconds]

No. Time Source Destination Protocol Length Info New Column
6 20.090564 88.190.31.67 92.157.22.194 HTTP 392 HTTP/1.1 408 Request Timeout 6

Frame 6: 392 bytes on wire (3136 bits), 392 bytes captured (3136 bits)
Arrival Time: Apr 15, 2012 18:03:57.277427000 CEST
Epoch Time: 1334505837.277427000 seconds
[Time delta from previous captured frame: 20.035763000 seconds]
[Time delta from previous displayed frame: 20.035763000 seconds]
[Time since reference or first frame: 20.090564000 seconds]
Frame Number: 6
Frame Length: 392 bytes (3136 bits)
Capture Length: 392 bytes (3136 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:data]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Transmission Control Protocol, Src Port: http (80), Dst Port: 50376 (50376), Seq: 1, Ack: 483, Len: 326
Source port: http (80)
Destination port: 50376 (50376)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 327 (relative sequence number)]
Acknowledgement number: 483 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0xeccc [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1234561620, TSecr 622344803
Kind: Timestamp (8)
Length: 10
Timestamp value: 1234561620
Timestamp echo reply: 622344803
[SEQ/ACK analysis]
[Bytes in flight: 326]
Hypertext Transfer Protocol
HTTP/1.1 408 Request Timeout\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 408 Request Timeout\r\n]
[Message: HTTP/1.1 408 Request Timeout\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 408
Response Phrase: Request Timeout
Date: Sun, 15 Apr 2012 16:03:37 GMT\r\n
Server: Apache/2.2.16 (Debian)\r\n
X-Powered-By: PHP/5.3.3-7+squeeze8\r\n
Set-Cookie: PHPSESSID=gqrikpeq1ctv6381p5n1kt0o10; path=/\r\n
Vary: Accept-Encoding\r\n
Content-Encoding: gzip\r\n
Content-Length: 20\r\n
[Content length: 20]
Connection: close\r\n
Content-Type: text/html\r\n
\r\n
Content-encoded entity body (gzip): 20 bytes [Error: Decompression failed]
Data (20 bytes)

0000 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 …
0010 00 00 00 00 …
Data: 1f8b080000000000000303000000000000000000
[Length: 20]

No. Time Source Destination Protocol Length Info New Column
7 20.090622 88.190.31.67 92.157.22.194 TCP 66 http > 50376 [FIN, ACK] Seq=327 Ack=483 Win=6144 Len=0 TSval=1234561620 TSecr=622344803 7

Frame 7: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Apr 15, 2012 18:03:57.277485000 CEST
Epoch Time: 1334505837.277485000 seconds
[Time delta from previous captured frame: 0.000058000 seconds]
[Time delta from previous displayed frame: 0.000058000 seconds]
[Time since reference or first frame: 20.090622000 seconds]
Frame Number: 7
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Transmission Control Protocol, Src Port: http (80), Dst Port: 50376 (50376), Seq: 327, Ack: 483, Len: 0
Source port: http (80)
Destination port: 50376 (50376)
[Stream index: 0]
Sequence number: 327 (relative sequence number)
Acknowledgement number: 483 (relative ack number)
Header length: 32 bytes
Flags: 0x11 (FIN, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 0… = Push: Not set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Message: Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0xeafe [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1234561620, TSecr 622344803
Kind: Timestamp (8)
Length: 10
Timestamp value: 1234561620
Timestamp echo reply: 622344803

No. Time Source Destination Protocol Length Info New Column
8 20.339864 88.190.31.67 92.157.22.194 HTTP 392 [TCP Retransmission] HTTP/1.1 408 Request Timeout 8

Frame 8: 392 bytes on wire (3136 bits), 392 bytes captured (3136 bits)
Arrival Time: Apr 15, 2012 18:03:57.526727000 CEST
Epoch Time: 1334505837.526727000 seconds
[Time delta from previous captured frame: 0.249242000 seconds]
[Time delta from previous displayed frame: 0.249242000 seconds]
[Time since reference or first frame: 20.339864000 seconds]
Frame Number: 8
Frame Length: 392 bytes (3136 bits)
Capture Length: 392 bytes (3136 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:http:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Transmission Control Protocol, Src Port: http (80), Dst Port: 50376 (50376), Seq: 1, Ack: 483, Len: 326
Source port: http (80)
Destination port: 50376 (50376)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 327 (relative sequence number)]
Acknowledgement number: 483 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
000. … … = Reserved: Not set
…0 … … = Nonce: Not set
… 0… … = Congestion Window Reduced (CWR): Not set
… .0… … = ECN-Echo: Not set
… …0. … = Urgent: Not set
… …1 … = Acknowledgement: Set
… … 1… = Push: Set
… … .0… = Reset: Not set
… … …0. = Syn: Not set
… … …0 = Fin: Not set
Window size value: 48
[Calculated window size: 6144]
[Window size scaling factor: 128]
Checksum: 0xeccc [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
No-Operation (NOP)
No-Operation (NOP)
Timestamps: TSval 1234561683, TSecr 622344803
Kind: Timestamp (8)
Length: 10
Timestamp value: 1234561683
Timestamp echo reply: 622344803
[SEQ/ACK analysis]
[Bytes in flight: 327]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[Expert Info (Note/Sequence): Retransmission (suspected)]
[Message: Retransmission (suspected)]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 0.249242000 seconds]
[RTO based on delta from frame: 7]
Hypertext Transfer Protocol
HTTP/1.1 408 Request Timeout\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 408 Request Timeout\r\n]
[Message: HTTP/1.1 408 Request Timeout\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 408
Response Phrase: Request Timeout
Date: Sun, 15 Apr 2012 16:03:37 GMT\r\n
Server: Apache/2.2.16 (Debian)\r\n
X-Powered-By: PHP/5.3.3-7+squeeze8\r\n
Set-Cookie: PHPSESSID=gqrikpeq1ctv6381p5n1kt0o10; path=/\r\n
Vary: Accept-Encoding\r\n
Content-Encoding: gzip\r\n
Content-Length: 20\r\n
[Content length: 20]
Connection: close\r\n
Content-Type: text/html\r\n
\r\n
Content-encoded entity body (gzip): 20 bytes [Error: Decompression failed]
Data (20 bytes)

0000 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 …
0010 00 00 00 00 …
Data: 1f8b080000000000000303000000000000000000
[Length: 20]

No. Time Source Destination Protocol Length Info New Column
9 20.357020 92.157.22.194 88.190.31.67 TCP 66 [TCP Previous segment lost] 50376 > http [ACK] Seq=1790 Ack=327 Win=524280 Len=0 TSval=622345005 TSecr=1234561620 9[/code]

Visiblement, il y a un équipement quelque part sur le chemin qui réécrit aveuglément le MSS à 1452 dans les deux sens, que la valeur originelle soit supérieure ou inférieure !
Et ce sont bien de gros segments (~1300 octets) qui sont perdus entre le client et ton serveur.
En tout cas si j’essaie depuis ma connexion je reçois bien le MSS à 576, donc a priori le responsable de ce tripatouillage n’est pas un équipement du côté de ton hébergeur. En revanche les pings de plus de 1300 octets ne passent pas (je ne sais pas si c’est à l’aller ou au retour, je ne sais pas si ça ne concerne que le ping). Et si je fragmente à 1300 ou en-dessous, alors la reponse me parvient aussi fragmentée à 1300 !

Oui je suis d’accord avec toi, il y a un équipement qui ré-écrit le MTU à 1452 car aussi c’est ça que je reçois sur le serveur alors que le client envoie un MTU de 1460.

Les ping ont peut être des problèmes à cause de règles iptables que j’ai mis.
Quelles commande utilises-tu ping pour tester ?
Veux-tu que je vérifies une configuration de mon serveur ?

ping -s <taille-28> 88.190.31.67(il faut compter 28 octets pour l’en-tête IP+ICMP)
Un traceroute en ICMP avec une taille supérieure à 1300 s’arrête sur le dernier routeur, mais cela ne permet pas de savoir si c’est ce routeur qui bloque ou ton serveur qui ne répond pas.

Tu peux faire la même chose et faire une capture sur le serveur pour vérifier si les paquets qui n’ont pas de réponse arrivent.

Avec cette commande, les paquets n’arrivent pas:

Avec cette commande, les paquets arrivent:

Par contre si j’augmentes le MTU à 1500, les paquets arrivent. (j’ai fait ce test sur un autre serveur)

Veux-tu que je testes autre chose ?

Bon… Je te dois des excuses. J’avais affirmé :
"Le MTU ne sert qu’en émission (et pour calculer le MSS annoncé). Même avec un MTU à 1000, l’interface ethernet continue à accepter des paquets de 1500 octets."
Or je viens de tester sur une de mes machines, et surprise : elle ne reçoit pas les paquets de taille supérieure au MTU ! Alors qu’une autre les reçoit parfaitement, conformément à mon expérience passée. Je ne sais pas si ça vient du type de contrôleur ethernet, du pilote, de la version du noyau…
Donc je t’engage à repasser le MTU de ton serveur à 1500.

Si ça peut aider :

Depuis mon accès câble BBOX :

C:\Users\win>tracert 88.190.31.67

Détermination de l'itinéraire vers dd32442.memotoo.com [88.190.31.67]
avec un maximum de 30 sauts :

  1     4 ms     1 ms     1 ms  gestionbbox.lan.home [192.168.1.254]
  2     9 ms     7 ms     6 ms  10.118.62.1
  3    11 ms    16 ms    12 ms  213-245-252-177.rev.numericable.fr [213.245.252
177]
  4    10 ms    10 ms    19 ms  ip-54.net-80-236-1.static.numericable.fr [80.23
.1.54]
  5     8 ms    10 ms     6 ms  ip-49.net-80-236-1.static.numericable.fr [80.23
.1.49]
  6    10 ms    14 ms     8 ms  89.89.102.254
  7    10 ms     *        *     89.89.102.253
  8     9 ms    14 ms    10 ms  V211.TenGEC3-20G.core02-t2.club-internet.fr [62
34.0.161]
  9     *        *        *     Délai d'attente de la demande dépassé.
 10    12 ms    17 ms    12 ms  dedibox-vty-2-p.intf.routers.proxad.net [212.27
50.42]
 11    19 ms    15 ms    17 ms  4k1-6k1-po1.vty.dedibox.fr [88.190.3.6]
 12    33 ms    21 ms    13 ms  dd32442.memotoo.com [88.190.31.67]

Itinéraire déterminé.

Depuis mon accès virgin mobile (orange) :

[code]
C:\Users\win>tracert 88.190.31.67

Détermination de l’itinéraire vers dd32442.memotoo.com [88.190.31.67]
avec un maximum de 30 sauts :

1 5 ms 2 ms 16 ms 192.168.43.1
2 101 ms 68 ms 58 ms 10.164.65.25
3 129 ms 58 ms 64 ms 10.164.65.26
4 52 ms 50 ms 59 ms dd32442.memotoo.com [88.190.31.67]
5 122 ms 49 ms 63 ms dd32442.memotoo.com [88.190.31.67]
6 64 ms 57 ms 88 ms dd32442.memotoo.com [88.190.31.67]
7 46 ms 73 ms 57 ms dd32442.memotoo.com [88.190.31.67]
8 59 ms 54 ms 52 ms dd32442.memotoo.com [88.190.31.67]
9 100 ms 62 ms 72 ms dd32442.memotoo.com [88.190.31.67]
10 50 ms 62 ms 46 ms dd32442.memotoo.com [88.190.31.67]
11 100 ms 63 ms 70 ms dd32442.memotoo.com [88.190.31.67]
12 112 ms 65 ms 64 ms dd32442.memotoo.com [88.190.31.67]
13 49 ms 65 ms 64 ms dd32442.memotoo.com [88.190.31.67]
14 * 217 ms 47 ms dd32442.memotoo.com [88.190.31.67]
15 48 ms 103 ms 51 ms dd32442.memotoo.com [88.190.31.67]
16 94 ms 48 ms 63 ms dd32442.memotoo.com [88.190.31.67]
17 96 ms 49 ms 50 ms dd32442.memotoo.com [88.190.31.67]
18 115 ms 48 ms 57 ms dd32442.memotoo.com [88.190.31.67]
^C[/code]

Intéressant. Ça sent le proxy transparent… En tout cas une chose est sûre, ce n’est pas du vrai internet.

Voilà je viens de repasser les serveurs en MTU 1500.

Maintenant la commande avec 1500 marche:

Je vais voir si l’utilisateur qui m’a donné les traces ethereal a toujours le problème.
Mais bon on est juste revenu à l’état d’origine, donc j’ai toujours un problème… Ce sont des utilisateurs qui ont un MSS<1500 mais peut-être qu’ils envoient des paquets plus gros que 1500 ? Et si j’augmentais le MTU ?

@secuip: Maintenant avec Virgin Mobile as-tu toujours le même comportement ??

Pas tout-à-fait : tu as maintenant une réduction du MSS annoncé par ton serveur qui fonctionne.
Certes elle va être écrasée par les équipements qui la réécrivent à tort, mais tu n’y peux pas grand chose.
Il est très peu problable que des terminaux mobiles envoient des paquets de plus de 1500 octets.
Le résultat du traceroute depuis la ligne Virgin Mobile n’a rien à voir avec le MTU de ton interface.

[quote=“Thomas”]
@secuip: Maintenant avec Virgin Mobile as-tu toujours le même comportement ??[/quote]

OUI. Je pense que PascalHambourg a raison (encore ) et que ce n’est pas ton serveur qui me réponds mais un proxy transparent.

Oui c’est clair que PascalHambourg est un bon

Proxy transparent: donc je vais toujours avoir ce problème ???
C’est quand même bizarre car comment font les sites web qui ont beaucoup d’utilisateurs et qui se connectent en avec leur mobile, ils doivent avoir pleins de mails de mécontent. Exemple l’iCloud ? Le proxy transparent existe aussi pour eux …

(je ne sais pas encore si l’utilisateur que j’ai contacté a toujours le problème, je le serais peut être ce soir)

Dissipons un éventuel malentendu. Il n’y a a priori pas de lien entre les pertes de segments TCP et l’éventuelle présence d’un proxy transparent (supposée à partir d’une observation faite avec une connexion Virgin mobile, qu’on ne peut pas généraliser).

• Tu as mis un MTU à 1500 donc ton serveur est capable de recevoir des paquets de cette taille. Je pense que certains des blocages mis en évidence dans les traces fournies venaient du MTU abaissé.
• Tu réajustes le MSS annoncé par ton serveur à une valeur inférieure afin que les clients qui le reçoivent et en tiennent compte n’envoient pas des paquets trop gros qui risqueraient d’être perdus en chemin. Pour les autres, je ne vois pas quoi faire de plus.

Alors je viens d’avoir le retour de l’utilisateur qui m’avait fournit les trames en erreur (avec MTU 1300), et maintenant ça marche avec le MTU remis à 1500.

J’ai toujours avec des téléphones qui envoient des trames surement inférieurs à 1000 / 1200 car le content-length HTTP que je reçois est de l’ordre de 900… Ce sont des BlackBerry, Android, …

Toujours des problèmes de segments non reçus ?
Soit ces paquets sont perdus en chemin et je vois pas quoi faire de plus, soit il y a un bug dans l’interface ethernet ou son pilote. Il y a des messages relatifs à l’interface dans les logs du noyau ? En dernier recours j’essaierai de désactiver toutes les optimisations d’offload (TSO, GSO, GRO…) avec ethtool s’il y en a.

Oui toujours des problèmes, et surement des segments non reçus… Je n’ai pas encore réussi à re-avoir une trace ethereal d’un utilisateur.

J’ai rien dans le /var/log/kern.log

Pour ce qui est de ethtool, voilà ce que ça retourne, tu vois quelquechose de bizare ?

Offload parameters for eth0: rx-checksumming: on tx-checksumming: on scatter-gather: on tcp-segmentation-offload: on udp-fragmentation-offload: off generic-segmentation-offload: on generic-receive-offload: off large-receive-offload: off ntuple-filters: off receive-hashing: off

Il y a des options d’offload activées. Il y a parfois des bugs dans la gestion, il faudrait tester après les avoir toutes désactivées (ethtool -K me souviens plus de la syntaxe exacte).

Je les ai désactivé mais ça n’a rien changé…

Je vais essayé d’autres ethereal coté client.

Alors je n’ai plus d’idée.
Tu peux quand même remonter le MSS forcé par iptables à un peu plus que 576, puisqu’une valeur aussi basse affecte les performances et n’empêche pas le problème.