RE: [pfSense Support] Slow TCP connection
Thanks. I after the front end checkbox, no change to the tcpdump. After ifconfig -txcsum I have no more bad checksum errors and the slow connection times I was seeing are no more! I'll run tcpdump over the weekend to confirm all this but it looks good... Thanks, Josh. -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: 03 March 2010 22:42 To: support@pfsense.com Subject: Re: [pfSense Support] Slow TCP connection On Wed, Mar 3, 2010 at 8:02 AM, Hiren Joshi j...@moonfruit.com wrote: Initial results seem interesting, I get a few bad header checksums (0x) so it looks like something is clearing them (tho not all). I'm also getting duplicate acks from the client so these checksum errors are being transmitted. This could be the cause of my slow connections. Questions: Will I need to upgrade before the Disable Hardware Checksum Offloading checkbox will work (I read something about it not working in my version). Is there a command line way of doing the same thing? ifconfig interface -rxcsum ifconfig interface -txcsum - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Slow TCP connection
Initial results seem interesting, I get a few bad header checksums (0x) so it looks like something is clearing them (tho not all). I'm also getting duplicate acks from the client so these checksum errors are being transmitted. This could be the cause of my slow connections. Questions: Will I need to upgrade before the Disable Hardware Checksum Offloading checkbox will work (I read something about it not working in my version). Is there a command line way of doing the same thing? This way I can test before upgrade. Thanks, Josh. -Original Message- From: Hiren Joshi Sent: 02 March 2010 17:55 To: support@pfsense.com Subject: RE: [pfSense Support] Slow TCP connection I have many sites with different domain names all with the same IP. I am now realising that I won't be able to get this information from tcpdump as the tcp packets are too low level... I'll try matching the IP of the location of where I'm running the tests from, that should work. -Original Message- From: David Burgess [mailto:apt@gmail.com] Sent: 02 March 2010 17:51 To: support@pfsense.com Subject: Re: [pfSense Support] Slow TCP connection On Tue, Mar 2, 2010 at 10:45 AM, Hiren Joshi j...@moonfruit.com wrote: On second thoughts, I'll take that back. It looks like the front end is matching all hosts with that IP, now I'm stumped... I don't understand. You have several remote hosts with the same IP address and same host name? db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Slow TCP connection
On Wed, Mar 3, 2010 at 8:02 AM, Hiren Joshi j...@moonfruit.com wrote: Initial results seem interesting, I get a few bad header checksums (0x) so it looks like something is clearing them (tho not all). I'm also getting duplicate acks from the client so these checksum errors are being transmitted. This could be the cause of my slow connections. Questions: Will I need to upgrade before the Disable Hardware Checksum Offloading checkbox will work (I read something about it not working in my version). Is there a command line way of doing the same thing? ifconfig interface -rxcsum ifconfig interface -txcsum - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Slow TCP connection
Having just discovered wireshark, I'll agree =) I'm using the packet capture bit in pfsense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in wireshark. Thanks, Josh. -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: 02 March 2010 05:31 To: support@pfsense.com Subject: Re: [pfSense Support] Slow TCP connection On Mon, Mar 1, 2010 at 5:24 AM, Hiren Joshi j...@moonfruit.com wrote: I'm not hitting the max states (this is set to a high enough number) and a tcp dump is impractical as this is not a consistent failure. tcpdump is never impractical. :) In fact it's really the only way you're going to get any further with this. 1 in 100 or even 1 in 1000 isn't difficult to handle, just get the headers in the capture to keep the size down, and the analysis tools in Wireshark make it easy to pick out the problem without browsing through thousands of frames. Get two simultaneous captures, one on LAN (or whatever internal interface) and one on WAN. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Slow TCP connection
On Tue, Mar 2, 2010 at 8:54 AM, Hiren Joshi j...@moonfruit.com wrote: I'm using the packet capture bit in pfsense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in wireshark. tcpdump. For example, tcpdump -i vr0 -n -w capture.pcap -i for the interface, -n to disable name resolution, capture.pcap is the capture file. I'm not sure if you have to do anything special to make it readable in wireshark. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Slow TCP connection
On 3/2/10 7:59 AM, David Burgess wrote: On Tue, Mar 2, 2010 at 8:54 AM, Hiren Joshi j...@moonfruit.com wrote: I'm using the packet capture bit in pfsense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in wireshark. tcpdump. For example, tcpdump -i vr0 -n -w capture.pcap -i for the interface, -n to disable name resolution, capture.pcap is the capture file. I'm not sure if you have to do anything special to make it readable in wireshark. No special treatment needed -- wireshark will take pcap files as input. However, you might want to bear a couple of things in mind: 1. By default, tcpdump grabs only the first 68 bytes of each packet. You can override this with the '-s' flag, for example with a switch such as '-s 1500'. This is essential if you need to see deeper into the packet but the tradeoff is increased processing time. If you just need TCP headers you shouldn't need this switch. 2. Depending on link utilization tcpdump can capture a *lot* of traffic. If you know you only want to see traffic from/to a specific host, or for a given protocol, there are filters you can add at the end of a tcpdump command to limit what it will capture -- and wireshark uses identical capture filter syntax. The tcpdump manpage or wireshark docs have more info. dn - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Slow TCP connection
Oh I see, this is the Unix system I know this! =) Sorry for the blond moment, the interface names confused me. -Original Message- From: David Burgess [mailto:apt@gmail.com] Sent: 02 March 2010 15:59 To: support@pfsense.com Subject: Re: [pfSense Support] Slow TCP connection On Tue, Mar 2, 2010 at 8:54 AM, Hiren Joshi j...@moonfruit.com wrote: I'm using the packet capture bit in pfsense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in wireshark. tcpdump. For example, tcpdump -i vr0 -n -w capture.pcap -i for the interface, -n to disable name resolution, capture.pcap is the capture file. I'm not sure if you have to do anything special to make it readable in wireshark. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Slow TCP connection
On second thoughts, I'll take that back. It looks like the front end is matching all hosts with that IP, now I'm stumped... -Original Message- From: Hiren Joshi Sent: 02 March 2010 17:43 To: support@pfsense.com Subject: RE: [pfSense Support] Slow TCP connection This is where things get interesting... When I use packet capture which I'm assuming is a front end to tcpdump, and enter a hostname, the filter works but when I use tcpdump host something.com it does a lookup on something.com and matches all packets with that IP. I have multiple hosts with the same IP but need to filter the packets for just one host. Any idea how I can do this? As it works via the front end, I figure there must be a way to do this in the command line. Thanks, Josh. -Original Message- From: David Newman [mailto:dnew...@networktest.com] Sent: 02 March 2010 16:08 To: support@pfsense.com Subject: Re: [pfSense Support] Slow TCP connection On 3/2/10 7:59 AM, David Burgess wrote: On Tue, Mar 2, 2010 at 8:54 AM, Hiren Joshi j...@moonfruit.com wrote: I'm using the packet capture bit in pfsense. Is there a way of doing this via the shell (I'm new to BSD, more of a Linux person) and leaving it running (filtered by hostname) for a few hours/days? This way I can dump it all and analyse it in wireshark. tcpdump. For example, tcpdump -i vr0 -n -w capture.pcap -i for the interface, -n to disable name resolution, capture.pcap is the capture file. I'm not sure if you have to do anything special to make it readable in wireshark. No special treatment needed -- wireshark will take pcap files as input. However, you might want to bear a couple of things in mind: 1. By default, tcpdump grabs only the first 68 bytes of each packet. You can override this with the '-s' flag, for example with a switch such as '-s 1500'. This is essential if you need to see deeper into the packet but the tradeoff is increased processing time. If you just need TCP headers you shouldn't need this switch. 2. Depending on link utilization tcpdump can capture a *lot* of traffic. If you know you only want to see traffic from/to a specific host, or for a given protocol, there are filters you can add at the end of a tcpdump command to limit what it will capture -- and wireshark uses identical capture filter syntax. The tcpdump manpage or wireshark docs have more info. dn - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Slow TCP connection
On Tue, Mar 2, 2010 at 10:45 AM, Hiren Joshi j...@moonfruit.com wrote: On second thoughts, I'll take that back. It looks like the front end is matching all hosts with that IP, now I'm stumped... I don't understand. You have several remote hosts with the same IP address and same host name? db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Slow TCP connection
I have many sites with different domain names all with the same IP. I am now realising that I won't be able to get this information from tcpdump as the tcp packets are too low level... I'll try matching the IP of the location of where I'm running the tests from, that should work. -Original Message- From: David Burgess [mailto:apt@gmail.com] Sent: 02 March 2010 17:51 To: support@pfsense.com Subject: Re: [pfSense Support] Slow TCP connection On Tue, Mar 2, 2010 at 10:45 AM, Hiren Joshi j...@moonfruit.com wrote: On second thoughts, I'll take that back. It looks like the front end is matching all hosts with that IP, now I'm stumped... I don't understand. You have several remote hosts with the same IP address and same host name? db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Slow TCP connection
I'm not hitting the max states (this is set to a high enough number) and a tcp dump is impractical as this is not a consistent failure. -Original Message- From: Evgeny Yurchenko [mailto:evg.yu...@rogers.com] Sent: 26 February 2010 14:44 To: support@pfsense.com Subject: Re: [pfSense Support] Slow TCP connection Hiren Joshi wrote: Hi, I'm running a load of performance tests and I've found that one in every 100 odd TCP connections takes a few seconds to make the initial call. Once the connection has been established things go quickly but the initial connection sometimes hangs for a second or two. Can someone point me in the right direction as to what sort of debugging I can run or what logs to look at for this? Thanks, Josh. pfsense 1.2-RELEASE. Aren't you running into maximum number of states/ Do you get tcpdump for this slow TCP connection initiation? Evgeny. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Slow TCP connection
On Mon, Mar 1, 2010 at 5:24 AM, Hiren Joshi j...@moonfruit.com wrote: I'm not hitting the max states (this is set to a high enough number) and a tcp dump is impractical as this is not a consistent failure. tcpdump is never impractical. :) In fact it's really the only way you're going to get any further with this. 1 in 100 or even 1 in 1000 isn't difficult to handle, just get the headers in the capture to keep the size down, and the analysis tools in Wireshark make it easy to pick out the problem without browsing through thousands of frames. Get two simultaneous captures, one on LAN (or whatever internal interface) and one on WAN. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Slow TCP connection
Hi, I'm running a load of performance tests and I've found that one in every 100 odd TCP connections takes a few seconds to make the initial call. Once the connection has been established things go quickly but the initial connection sometimes hangs for a second or two. Can someone point me in the right direction as to what sort of debugging I can run or what logs to look at for this? Thanks, Josh. pfsense 1.2-RELEASE. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Slow TCP connection
Have you enabled Traffic Shapper? On Fri, Feb 26, 2010 at 5:01 PM, Hiren Joshi j...@moonfruit.com wrote: Hi, I'm running a load of performance tests and I've found that one in every 100 odd TCP connections takes a few seconds to make the initial call. Once the connection has been established things go quickly but the initial connection sometimes hangs for a second or two. Can someone point me in the right direction as to what sort of debugging I can run or what logs to look at for this? Thanks, Josh. pfsense 1.2-RELEASE. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Regards Abdulrehman
RE: [pfSense Support] Slow TCP connection
No I've not, will that let me monitor? In theory, every request should be going through and dealt with with equal priority. From: Abdulrehman [mailto:arvagabo...@gmail.com] Sent: 26 February 2010 12:06 To: support@pfsense.com Subject: Re: [pfSense Support] Slow TCP connection Have you enabled Traffic Shapper? On Fri, Feb 26, 2010 at 5:01 PM, Hiren Joshi j...@moonfruit.com wrote: Hi, I'm running a load of performance tests and I've found that one in every 100 odd TCP connections takes a few seconds to make the initial call. Once the connection has been established things go quickly but the initial connection sometimes hangs for a second or two. Can someone point me in the right direction as to what sort of debugging I can run or what logs to look at for this? Thanks, Josh. pfsense 1.2-RELEASE. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Regards Abdulrehman
Re: [pfSense Support] Slow TCP connection
Hiren Joshi wrote: Hi, I'm running a load of performance tests and I've found that one in every 100 odd TCP connections takes a few seconds to make the initial call. Once the connection has been established things go quickly but the initial connection sometimes hangs for a second or two. Can someone point me in the right direction as to what sort of debugging I can run or what logs to look at for this? Thanks, Josh. pfsense 1.2-RELEASE. Aren't you running into maximum number of states/ Do you get tcpdump for this slow TCP connection initiation? Evgeny. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
