Need Advice on a Captured Packet Log

[Bradtechonline]

I am running a Database Server, and my users have been complaining of slow load times, and post times. The program is based off of Pervasive 8.0, and is called MAS.

The users when they trry to post data will often lock up completly, or take 3-5 minutes to post their attendance for the classes. I am noticing a lot of [PSH, ACK] requests. They account for atleast 90% of the traffic this NIC captured.

Here is the logfile on my website http://www.bradtechonline.com/packets.txt

I am reading up on the RFC's on TCP right now trying to figure out what is "excessive" or not excessive. I am new to the network analyzer programs that capture packets. Nothing else seems to be going slow besides this one Application.

My Event viewers on all my servers are clean without any errors. Would appreciate any advice possible thanks.

 

[Bradtechonline]

This log file just accounts for around one minute.

 

[spidey07]

ethereal is a good free packet capture program. It would be a lot easier to diagnose the problem with an actual "trace" file. This file is a capture of each and every packet that can be analyzed in a number of ways.

download ethereal and run it again.

From the trace it looks like the client and server are "ping-pong"ing. Something is wrong with the application. or more succiently - it's not a network problem.

 

[Bradtechonline]

Ive pulled up the log file in ethereal. I am not seeing an option to generate a trace file.

 

[Bradtechonline]

I called the MAS people, and he tried blaming it on my network. I told him all my equipment is Cisco, and my latency times, and transfer rates are fine. I am not seeing ANY broadcasting storming, or excessive ARP transmissions form any server. I do see a ton of TCP ACKs with the PSH flag. Like you said it looks like when someone fires up the Wengage MAS program that the machines are going back and forth with one another generating a lot of ACK PSH requests back and forth.

I don't know if it is normal for this program to do that since I did not code it. I guess I'm going to show them this log file. He told me to try rebooting all my switches and routers. I knew that wouldn't fix it , but he was convinced. He also told me a lot of other false information about the program. He said the same user cannot have two windows open of the same program at the same time. He was showing me the Pervasive Active Users, and it had two connections from the same user and he tried blaming that on a drop connnection which indicates network problems.

I told him she has two windows open and he said its not possible. I go down there and she has two programs running logged in twice. I'm about to put up a mock server and test it out. There must be some kind of configuration problem with their software.

 

[spidey07]

yes, it's a software problem. It's ALWAYS a software problem, never a network problem. And like all very dumb people (programmers) they will try to blame it on the network.

Your trace file should be enough for them to fix it.

 

[Bradtechonline]

How do I generate a trace file? Or is what I have on my website a trace file?

 

[spidey07]

a trace file is also called a capture file.

What program did you use to get that log file you have?

Just load ethereal on a clinent or server and then capture the traffic. then save it. this is your trace file.

 

[Bradtechonline]

Yeah, thats what I have. I was thinking "capture file" and when you said trace file I thought it might be something else. Im waiting for these idiots to call me back, and try to bullshit their way out of fixing their problem. I'm sitting here right now looking at network latency, and load and I am no where near maxing out my bandwith.

All our switches are brand new Cisco switches that are plenty capable of handling the traffic efficiently for the size of our network. He was trying to make it sound like it was one of my routers, or one of my switches or possible a broadcast storm. I didnt have a lot of broadcast traffic going on. Maybe 10 requests in a minute. Not all from one client which would indicate an ARP broadcast storm.

 

[spidey07]

don't ever let a programmer talk to you about networking. they are absolutely and completely clueless when it comes to this stuff. Yet for some reason they like to think they know what they're doing. It's funny really.

 

[nweaver]

Originally posted by: spidey07
don't ever let a programmer talk to you about networking. they are absolutely and completely clueless when it comes to this stuff. Yet for some reason they like to think they know what they're doing. It's funny really.

The same can (sometimes) be said of server admins. I had an old HPUX engineer, who wouldn't listen to me about setting some stuff up in the lab I built from scratch, and insisted that "You have to be directly connected to any network to talk to it"

I casually asked if he had trouble getting yahoo to patch him into thiers when searching the web...

Anyway, being in the testing side of Software Dev, I can tell you that all developers jump on the "it must be the network" gun. My manager (new) has finally gotten enough confidence that he rips off the "it's not the network" line like he is an old school netadmin. And sure enough, it never is (We can image ~600 PC's in 3-6 hours, 2 different H/W platforms and 3 different OS's per platform, sure the networks not working...).

 

[Atheus]

Originally posted by: spidey07
It's ALWAYS a software problem, never a network problem.

don't ever let a programmer talk to you about networking. they are absolutely and completely clueless when it comes to this stuff. Yet for some reason they like to think they know what they're doing. It's funny really.

But without software your network would notwork. There are some very talented people working on the code for those routers and firewalls, and the fact you consider them so reliable is only proof of the programmers' skill.