From owner-freebsd-questions@FreeBSD.ORG Tue Dec 28 10:28:11 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C542F16A4CE for ; Tue, 28 Dec 2004 10:28:11 +0000 (GMT) Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7003143D49 for ; Tue, 28 Dec 2004 10:28:11 +0000 (GMT) (envelope-from dgl@kirk.dlee.org) Received: from kirk.dlee.org ([68.49.181.149]) by comcast.net (rwcrmhc13) with ESMTP id <2004122810281001500r5rrie>; Tue, 28 Dec 2004 10:28:10 +0000 Received: from kirk.dlee.org (dgl@localhost.dlee.org [127.0.0.1]) by kirk.dlee.org (8.12.11/8.12.11) with ESMTP id iBSAS8Zr050133; Tue, 28 Dec 2004 05:28:08 -0500 (EST) (envelope-from dgl@kirk.dlee.org) Received: (from dgl@localhost) by kirk.dlee.org (8.12.11/8.12.11/Submit) id iBSAS8OK050132; Tue, 28 Dec 2004 05:28:08 -0500 (EST) (envelope-from dgl) Date: Tue, 28 Dec 2004 05:28:08 -0500 From: Doug Lee To: Dan Nelson Message-ID: <20041228102807.GA46670@kirk.dlee.org> Mail-Followup-To: Doug Lee , Dan Nelson , freebsd-questions@freebsd.org References: <20041228003030.GL900@kirk.dlee.org> <20041228013041.GB44954@dan.emsphone.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041228013041.GB44954@dan.emsphone.com> Organization: Bartimaeus Group User-Agent: Mutt/1.5.6i cc: freebsd-questions@freebsd.org Subject: Re: Tcpdump says I'm getting incomplete packets; how to find the culprit? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Dec 2004 10:28:11 -0000 On Mon, Dec 27, 2004 at 07:30:41PM -0600, Dan Nelson wrote: In the last episode (Dec 27), Doug Lee said: > I use FreeBSD 4.10-STABLE as a nat/firewall box. When connected to > DSL, I got fast web surfing but many gaps in incoming audio traffic > using some audio software. I switched to cable, and now audio works > great, but at least when I pop open pages in Lynx right on the > FreeBSD box, I often experience five-second delays--one at "202 OK" > and one or more during the loading of the page. Tcpdump reports that > I'm receiving incomplete packets, so I assume the five-second delays > are timeouts on my box before a request for packet resends. What is tcpdump printing that makes you think that packets are incomplete? If you are manually decoding packets by looking at tcpdump -X output, make sure you also use -s 0 to grab the entire packet. This is from a "tcpdump -s 0 -w tco -i ed0 port 80" run. Line 12 shows a truncation but no delay, interestingly enough; but I believe line 17 is the one that occurred when I saw "202 OK" and a five-second delay. Actually, I guess it's a seven-second delay after all. :-) I replaced my ip with here. 05:20:02.131687 .4891 > 12.129.203.38.http: S 1518360911:1518360911(0) win 65535 (DF) 05:20:02.211922 12.129.203.38.http > .4891: S 1407738134:1407738134(0) ack 1518360912 win 10136 (DF) 05:20:02.212540 .4891 > 12.129.203.38.http: . ack 1 win 33304 (DF) 05:20:02.221406 .4891 > 12.129.203.38.http: . 1:1449(1448) ack 1 win 33304 (DF) 05:20:02.311500 12.129.203.38.http > .4891: . ack 1449 win 10136 (DF) 05:20:02.312173 .4891 > 12.129.203.38.http: P 1449:1615(166) ack 1 win 33304 (DF) 05:20:02.397972 12.129.203.38.http > .4891: . 1:1449(1448) ack 1615 win 10136 (DF) 05:20:02.399266 12.129.203.38.http > .4891: P 1449:2897(1448) ack 1615 win 10136 (DF) 05:20:02.402194 .4891 > 12.129.203.38.http: . ack 2897 win 32580 (DF) 05:20:02.485577 12.129.203.38.http > .4891: . 2897:4345(1448) ack 1615 win 10136 (DF) 05:20:02.486357 .4891 > 12.129.203.38.http: . ack 4345 win 33304 (DF) 05:20:02.486606 truncated-ip - 276 bytes missing! 12.129.203.38.http > .4891: . 4345:5793(1448) ack 1615 win 10136 (DF) 05:20:02.487904 12.129.203.38.http > .4891: P 5793:7241(1448) ack 1615 win 10136 (DF) 05:20:02.491372 .4891 > 12.129.203.38.http: . ack 4345 win 33304 (DF) 05:20:02.580962 12.129.203.38.http > .4891: . 7241:8689(1448) ack 1615 win 10136 (DF) 05:20:02.581628 .4891 > 12.129.203.38.http: . ack 4345 win 33304 (DF) 05:20:02.581839 truncated-ip - 434 bytes missing! 12.129.203.38.http > .4891: P 8689:10137(1448) ack 1615 win 10136 (DF) 05:20:07.060856 12.129.203.38.http > .4891: . 4345:5793(1448) ack 1615 win 10136 (DF) 05:20:07.061557 .4891 > 12.129.203.38.http: . ack 8689 win 31132 (DF) 05:20:07.061997 .4891 > 12.129.203.38.http: . ack 8689 win 33180 (DF) 05:20:07.144915 12.129.203.38.http > .4891: . 8689:10137(1448) ack 1615 win 10136 (DF) 05:20:07.146198 12.129.203.38.http > .4891: . 10137:11585(1448) ack 1615 win 10136 (DF) 05:20:07.159433 .4891 > 12.129.203.38.http: . ack 11585 win 32580 (DF) -- Doug Lee dgl@dlee.org http://www.dlee.org Bartimaeus Group doug@bartsite.com http://www.bartsite.com "Never does the human soul appear so strong as when it foregoes revenge, and dares forgive an injury." --E. H. Chapin