Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1104
Views
0
Helpful
3
Replies

the microsoft-ds tcp retransmission phantom

aaronsj
Level 1
Level 1

‎09-07-2007 01:13 PM - edited ‎03-05-2019 06:21 PM

I need help figuring out a problem that is plaguing our network. I'll try to be as brief as possible. Please see the attached file for our setup.

Basically, I can pass TCP traffic just fine using iperf, I get about 67Mbps throughput. But as soon as I try a file transfer from the server, my protocol analyzer shows many TCP Retransmissions and TCP Slow ACKs. My ping time is <1ms both directions. I've tried everything I know, so maybe someone has a good idea to refresh me. I'll provide configs if needed. Thank you!!

Labels:
Preview file
1 KB
0 Helpful
3 Replies 3

sadbulali
Level 4
Level 4

‎09-13-2007 11:05 AM

Microsoft Windows "Workstation Service (wkssvc.dll)" contains a flaw that is vulnerable to a buffer overflow. When successfully exploited, this vulnerability allows remote code execution with SYSTEM privileges. Successful exploitation of this vulnerability could allow an attacker complete control of an affected system or create a denial-of-service (DoS) condition.

This vulnerability can be exploited remotely without authentication or user interaction. However, remote exploitation without authentication is limited to systems running Windows 2000 Service Pack 4. The attack vector is through TCP ports 139 (netbios-ssn) and 445 (microsoft-ds). This vulnerability is designated by CVE ID 2006-4691.

0 Helpful

corey
Level 1
Level 1

‎09-14-2007 09:21 PM

You might start by checking each of the ports involved in the path for errors, drops, etc. Clearing the counters on each before your next test might help see things.

Do you get the same retransmission errors when running iperf?

What about if you test between two different PCs instead of just the PC/Server pair in question? Does the problem occur there as well?

0 Helpful

aaronsj
Level 1
Level 1

‎02-26-2008 07:17 AM

Our problem was due to a secondary ip address configured on the router interface. Basically, there were two networks on one 100Mbps interface which was causing it to overload and drop packets under too full a load. I moved our users to the same network as the servers and now everything gets switched locally instead of having to go talk through the router. We are going to rework the network so this is temporary.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card