
Need help figuring out why packets are getting dropped


We have several remote sites connecting to a central location. Each remote site has its own file and print server hosted at the central location as virtual machines. Recently, we've been having problems pulling data from one of these servers (e.g., getting directory listing containing large amounts of files and folders), but only from machines at the central site. Users at the remote site who have been assigned this particular server have not reported any problems. All other servers have been behaving fine, and I can't see how this one server is different from the others.

Captures near the server show normal behavior until it comes time to actually send the directory contents, then there are repeated attempts to transmit the data, followed by a [RST, ACK]. Captures near the machine browsing the directory show just the [RST, ACK]. I've done captures in various points in the intervening network and I think I've found the spot where it's not sending data any further, even though all other connectivity to this machine is fine (I'm using my workstation for testing).

The last spot the retransmitted packets get to, the source and destination IPs seem correct, and layer 2 info shows the source as being the switch at the remote site the packet came from, and the destination seems to be the MAC address associated with the VLAN that the browsing machine is a part of. Packets seem to be dropped somewhere around this point. Captures at the interface where the packets should leave to head to the browsing machine show everything but the retransmitted packets. Again, the machine doing the browsing has normal connectivity for all other things.

How can I find out why the packets are getting dropped?


So this server is sitting at a remote site and users from the central site are trying to access this server? If that is the case, what kind of connection do you have between the two sites?

Sorry... that part wasn't very clear in my post. The server is a VM at the central site that normally users at the remote site access, and they're accessing it with no problems. When we try to access it from the central site, that's when the problems happen.

The central and remote sites are all connected via Opt-E-Man, a switched metro ethernet service from AT&T.

OK, so it seems like the issue is only on the LAN side. Have you looked at the switches that users are connected to? Also, if you do a continuous ping from the users' PCs to the server, do you see any dropped packets?

Continuous pings are fine, both from the users at the remote site and from us at the central site. Browsing folders from Windows seems normal up until the point where we open a folder with a large amount of files and folders.

I have more definite information about where packets get dropped. Packets get to the remote side and come back to the central side (in and out the same interface). Packets seem to go through fine if they're < 1514 bytes, but as soon as a 1514-byte packet is sent to the remote side, nothing comes back.

OK, I thought you said users from the remote site can browse fine; it is just the local users. But now you are saying the issue is with the remote users and NOT the local users sitting at the central site?

No, no... the problem is with users browsing from the central site. Remote users are fine. My last message was about where packets get dropped for local users when they try to browse. It's kind of hard to explain without a diagram, maybe...
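The two-point capture comparison described in this thread can be automated. The following is an added example, not part of the original thread: it takes frame summaries from a capture before and after the suspect hop and reports whether the missing frames are separated from the delivered ones by size. The `Frame` fields, the function names, and the sample rows are constructed assumptions, and matching on IP ID alone assumes a single sender in one direction.

```python
from collections import Counter, namedtuple

# One row per captured frame, e.g. exported from a capture tool (assumed fields).
Frame = namedtuple("Frame", "ip_id tcp_seq frame_len")

# Constructed sample: capture taken before the suspect hop.
UPSTREAM = [
    Frame(1, 900, 66), Frame(2, 966, 60), Frame(3, 966, 318),
    Frame(10, 1000, 1514), Frame(11, 1000, 1514), Frame(12, 1000, 1514),
    Frame(13, 1000, 60),
]
# Constructed sample: capture taken after the suspect hop.
DOWNSTREAM = [
    Frame(1, 900, 66), Frame(2, 966, 60), Frame(3, 966, 318),
    Frame(13, 1000, 60),
]

def compare_captures(upstream, downstream):
    """Return frames seen upstream but never downstream, plus a size summary."""
    seen_down = {f.ip_id for f in downstream}
    dropped = [f for f in upstream if f.ip_id not in seen_down]
    delivered = [f for f in upstream if f.ip_id in seen_down]
    # A TCP retransmission reuses the sequence number under a new IP ID.
    retries = Counter(f.tcp_seq for f in dropped)
    return {
        "dropped": dropped,
        "max_delivered_len": max((f.frame_len for f in delivered), default=None),
        "min_dropped_len": min((f.frame_len for f in dropped), default=None),
        "retransmitted_seqs": {s: n for s, n in retries.items() if n > 1},
    }

def size_dependent(result):
    """True when every dropped frame is larger than every delivered frame."""
    lo, hi = result["min_dropped_len"], result["max_delivered_len"]
    return lo is not None and hi is not None and lo > hi

if __name__ == "__main__":
    r = compare_captures(UPSTREAM, DOWNSTREAM)
    print("dropped frames:", len(r["dropped"]))
    print("largest delivered:", r["max_delivered_len"])
    print("smallest dropped:", r["min_dropped_len"])
    print("retransmitted seqs:", r["retransmitted_seqs"])
    print("size-dependent loss:", size_dependent(r))
```

A `True` result only says the loss correlates with frame length at that hop; it does not identify which device or setting is responsible.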
