Can an Expert help identify an issue

asked 2019-11-25 19:19:48 +0000

JHinkle

updated 2019-11-26 13:29:25 +0000

I have a device with an embedded controller and IP stack.

It has been working without issue for over a year.

I have a website at Hostgator where I keep firmware files that can be downloaded to the controller.

In October something has happened because now my HTTP GET file download requests get stalled (about 50% of the time).

UPDATE: It is now stalling all the time.

I have a Wireshark capture of the event which I shared with Hostgator telling them I suspected something has changed on their site that is now affecting my controller's behavior.

Hostgator told me - not their issue (but I found nobody there actually uses Wireshark).

I'm OK at reading and trying to figure out a network issue with Wireshark but not 100% sure enough to go and present positive proof (if found) that Hostgator has an issue.

I am asking if an expert can take a few moments and review my Wireshark capture with me and give me their opinion as to the issue. (It may be related to TCP window sizes).

Here is the capture in question: link text

Update - can someone explain what Wireshark is displaying in this picture? This packet behavior seems to occur when things go south.

Line 178 - Server sends SEQ = 98001

Line 179 - Different time stamp - same msg. Was there actually a second msg sent or is this just WS behavior?

Line 180 - I ACK the message



The way to present a capture is to sanitise it if needed, e.g., with TraceWrangler, then share the capture file through a file sharing site. Images are just too painful to work with.

Jaap ( 2019-11-25 21:35:19 +0000 )

I added the file above as a downloadable file -- is that what you mean?

JHinkle ( 2019-11-25 22:05:21 +0000 )

The capture was made on the client device?
Is it possible to do a capture on the router or somewhere else in the network to see if the packet drops are occurring before they get to the client?

Chuckc ( 2019-11-26 04:36:55 +0000 )

I have multiple devices located across the US. The problem is occurring on all of them so it's not just THIS client that has the issue. HostGator rolled out some new software over the summer that I believe is causing my issue. I'm thinking my small stack (TCP Window == 30 MSS packets) may be generating behavior that larger computers do not due to memory availability. Any thoughts or comments?

JHinkle ( 2019-11-26 07:41:50 +0000 )

Hi JHinkle, from the Wireshark packets it seems like you have the right train of thought. Just googling the "tcp window specified by the receiver is completely full" gave me the following Wireshark forum which you might have already seen:

Also if you notice from TCP stream 3 (for which you get this error), you have some TCP segments missing or dropped. The client doesn't receive them. Bubbasnmp's advice to capture the packets at other nodes makes sense. The client expects a packet with seq 16801 but receives 18201. One segment is missing. If you set up captures at the router, you can check to see if HostGator is dropping the segment or if there's something else going on.

yash.rohilla ( 2019-11-26 10:19:05 +0000 )
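The sequence-number reasoning in the comments above (16801 expected, 18201 received, and the same SEQ seen twice with different timestamps) can be reproduced with a small receiver-side walk over the data segments. This is an added example, not part of any post in the thread: the trace is constructed, the 1400-byte MSS is an assumption inferred from 18201 - 16801, and the model assumes the receiver ACKs immediately with a fixed window.

```python
MSS = 1400          # assumption: 18201 - 16801 from the thread, one segment
WINDOW = 30 * MSS   # "TCP Window == 30 MSS packets" from the thread

def analyze(segments, first_seq, window=WINDOW):
    """Label server->client data segments as seen at the client.

    segments: (time, seq, length) tuples in capture order.
    Simplified model: the receiver ACKs at once and its window is fixed.
    Returns a list of (time, seq, label, cumulative_ack)."""
    highest = first_seq   # end of the furthest data seen so far
    cum_ack = first_seq   # first byte still missing, i.e. the ACK value
    buffered = {}         # data held beyond a hole: seq -> end
    rows = []
    for t, seq, length in segments:
        end = seq + length
        if seq > highest:
            label = f"gap: {seq - highest} bytes missing before {seq}"
        elif end <= highest:
            label = "repeat of bytes already seen"
        else:
            label = "in order"
        highest = max(highest, end)
        if end > cum_ack:
            buffered[seq] = max(end, buffered.get(seq, 0))
        # Advance the cumulative ACK over everything now contiguous.
        while True:
            ends = [e for s, e in buffered.items() if s <= cum_ack < e]
            if not ends:
                break
            cum_ack = max(ends)
        buffered = {s: e for s, e in buffered.items() if e > cum_ack}
        if end - cum_ack >= window:
            label += "; receiver window full"
        rows.append((t, seq, label, cum_ack))
    return rows

# Constructed trace (not taken from the posted capture).
TRACE = [
    (0.000, 15401, MSS),
    (0.010, 18201, MSS),   # 16801 expected, 18201 arrives
    (0.020, 19601, MSS),
    (0.300, 16801, MSS),   # missing segment arrives late
    (0.301, 16801, MSS),   # same SEQ again, later timestamp
]

if __name__ == "__main__":
    for row in analyze(TRACE, first_seq=15401):
        print(row)
```

While the hole at 16801 is open the cumulative ACK stays at 16801, so a sender limited to 30 MSS beyond that ACK stops once it has filled the window; running the same walk over captures taken at the client and at the router shows where the gap first appears.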