Help with troubleshooting TCP traffic issues

calterio · ‎03-19-2007

We have a strange issue. When we sniff traffic on our network (primarily Cisco 4006/6509 with EIGRP), we see more bad traffic than good. We see tons of "TCP Dup ACK", "TCP ACKed lost segment", "(TCP Previous segment lost] continuation or non-http traffic", and "TCP out-of-order" packets. I know this is very vague, but I'm looking for assistance/direction in troubleshooting/diagnosing the problem. If anyone has ideas, please let me know. Thanks.

clausonna · ‎03-19-2007

This may or may not help, but look for any half-duplex connections in your environment. For example, you might have a switchport for a server that's hard-set to 100/Full, but if the server is Auto/Auto then you'll have a mismatch, and the server will really only be at 100/Half. You won't necessarily know by looking at the switchport config, though, and might need to look at the server. Do a 'show interface status' and look for Half's. Also do a 'show int | inc error' and look for CRC errors or collisions.

Is any of your traffic crossing a WAN, or is it all LAN? If WAN, is it Frame Relay? Do you have packets marked Discard Eligable (DE)? Maybe you're getting congestion on your circuit(s) and your service provider is dropping packets.

Hope this helps! Good luck!

calterio · ‎03-20-2007

Thanks for the reply. I'm referring to LAN traffic only. I'll do some digging to get more info on the servers (handled by another area). Can anyone suggest a good Network Analyzer that may help us?