I have been having troubles with my Fibre Internet Connection now for a couple of months now and was told by my ISP to use Wireshark to further investgate the issue. We since have noticed that the connection seems to be getting duplicate ACK packets which when that happens the speed of my connection goes from like 7mb/s to like 365kb/s I have a wireshark session uploaded online and was wondering if someone that knows a fair bit about analysing these logs could give me an idea what could be causing this or give me a better understanding of how to interpret the information. http://users.on.net/~davidjparsons/wireshark%20test.pcapng Any help i could get on this matter really would be such a help. Regards, David asked 05 Dec '14, 16:18  BrissyGuy showing 5 of 6 show 1 more comments |
One Answer:
The trace file shows a constant throughput of more than 3 MB/s = Megabytes/s The 'duplicate ACK packets' are not received but are sent by your client as it is reporting GAPs. (TCP SACK option is present signalling the left and right edges. To summarize, this trace dows not show the slowdown to 500kB/s that you mentioned. Regards Matthias Update: The problem is still packet loss, thus the GAP reports. Whether this is a 'problem' depends on your expectations. In the IOGraph this threshold seems to be at 13000 bytes/ms answered 06 Dec '14, 03:33  mrEEde edited 07 Dec '14, 03:00 I have signed up for cloudshark so i just need to wait to for it to become active. I have condensed a wireshark test file down to 5mb where the speed was really slow. http://users.on.net/~davidjparsons/speedtest-capture.pcapng I really do appricate all your help on this as its abit beyond me. you were saying in your last post that there was GAPs in the transmission that correct? is there ment to be gaps at all but smaller or none at all? Just in argument with my ISP with this issue thats all and has been going on for sometime. All help on this matter is really appricated. Regards, David (06 Dec '14, 19:55) BrissyGuy I've uploaded the trace to https://www.cloudshark.org/captures/314df5700bb8 (07 Dec '14, 00:58) mrEEde Thanks for that. So u still think its just reporting GAPs and thats the whole of the issue? (07 Dec '14, 02:34) BrissyGuy There are lots of TCP previous segment not captured errors,which also suggest that those packets got dropped before reaching client,for e.g look at packet no.4 & 5(speedtest-capture.pcap) there are 5 packets dropped along the path somewhere.such losses are throughout the capture.You can show this capture to ISP as this is sufficient proof that packet is getting dropped in somewhere along the path (07 Dec '14, 05:31) kishan pandey |
That file is nearly 3 GB in size, and would take hours to download at the rate supported there. :)
Could you possibly cut that file down to the time period where the duplicate acks are occurring? One way to do that:
Open the capture file
Select a packet at the beginning of the "problem" time in the trace
Hit ctrl + m (to mark the packet)
Do the same for the last packet in the problem period.
Go to File -> Export Specified Packets, and save "First to Last Marked" in the lower-level options area of the save screen
I am sorry about that. I just did another capture of the problem.
I was able to get the file down to like 79mb. i hope that should be okay.
http://users.on.net/~davidjparsons/wireshark-test-December.pcapng
PS. i thankyou for your help with this. its really been taring my hair out with it really.
Thanks.
You were hitting around 30 Mbps in that trace file. Understanding the problem to be that you keep dropping down to an effective 365 Kbps, can I confirm that 'the problem' you are having was happening for you during the time of that trace?
yes thats correct. The speed is goes up down. and i am not really whats causing the issue. I am kinda lost hence the reason why i am asking for help on this one.
Ok but was it ever "bad" during the time of the trace you posted there? The whole time? When? I see 30 Mbps until near the end.
The download speed in Firefox had dropped from 3.1mb/s down to 500kb/s or there about at the time. I saw the duplicate ack packets, what is that caused by? i have tried it two other computers in the house and it does the same thing. Yes its like that, most downloads start off okay then after a short peroid of time they start sending duplicate ack packets which would cause the download to slow down? the longer the download session runs for the more it gets duplicate ack packets.