TCP segment of a reassembled PDU

jeneveve@gmail.com

Hi,

I have a Vista machine running on a network with an SBS 2003 server
and it seems to be VERY slow to boot up and the network utilization
skyrockets to 25-30% while windows is starting up. I ran wireshark
for about 3 min or so and during that time it transmitted about 56,000
packets. The majority of these were coming from the server and going
to the Vista machine and said TCP segment of a reassembled PDU. The
TCP info looks like this:

Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port:
49621 (49621), Seq: 76792960, Ack: 156178, Len: 1380
Source Port: netbios-ssn (139)
Destination port: 49621 (49621)
Sequence Number: 76794340
Acknowledgement number: 15678
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65346
Checksum: 0xf28e [correct]
[Reassembled PDU in frame: 68587]
TCP segment data (1380 bytes)

Any ideas?

Thanks,
Jen
 
Andrew McLaren

<jeneveve@gmail.com> wrote...
> I have a Vista machine running on a network with an SBS 2003 server
> and it seems to be VERY slow to boot up and the network utilization
> skyrockets to 25-30% while windows is starting up. I ran wireshark
> for about 3 min or so and during that time it transmitted about 56,000
> packets. The majority of these were coming from the server and going
> to the Vista machine and said TCP segment of a reassembled PDU. The
> TCP info looks like this:
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port:


Port 139 is the NetBIOS Session Service TCP Port. It is used to establish
connection-oriented NetBIOS Sessions. This is used by many Windows
services, such as Browser, Print Spooler, Server service, NetLogon, RPC,
Distributed File System, and others.

Was this traffic from port 139 on the server? Or on the Vista machine?

Either way ... sounds like something is trying to establish a NetBIOS
session, and finding it pretty hard work (probably many retries, hence high
CPU and traffic). I'd check things like NetBIOS name resolution, WINS, is
Browser running (and do you want to disable it?), does either machine have a
persistent drive mapping to a non-existent share, on the other machine???
(this is a common cause of very slow startups).

The best tool I've found to diagnose network problems on the workstation is
still netdiag.exe, from the XP Support Tools (on XP CD-ROM). Netdiag.exe
runs perfectly on Vista; just copy the EXE file across to a scratch
directory on the Vista box. Then run:

C:\FOO>netdiag /v /debug /l

This will create a file netdiag.log in the current directory, containing a
detailed analysis of the Vista machine's network connectivity to the domain.

Hope this helps,

--
Andrew McLaren
amclar (at) optusnet dot com dot au
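
Added example (not part of either post above): a small Python check that separates the two explanations raised in the thread, a large transfer split into many segments versus repeated retries, by testing whether TCP sequence numbers advance within each one-way flow. It assumes the capture has been exported to tab-separated fields (source IP, source port, destination IP, destination port, relative sequence number, payload length); the addresses and rows below are constructed, and `summarize` and `classify` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample rows: src, sport, dst, dport, seq, len (tab-separated).
SAMPLE = "\n".join([
    "10.0.0.1\t139\t10.0.0.50\t49621\t1\t1380",
    "10.0.0.50\t49621\t10.0.0.1\t139\t1\t0",      # pure ACK, no payload
    "10.0.0.1\t139\t10.0.0.50\t49621\t1381\t1380",
    "10.0.0.1\t139\t10.0.0.50\t49621\t2761\t1380",
    "10.0.0.1\t139\t10.0.0.50\t49621\t4141\t1380",
    "10.0.0.50\t49700\t10.0.0.1\t139\t1\t72",
    "10.0.0.50\t49700\t10.0.0.1\t139\t1\t72",     # same seq again: retry
    "10.0.0.50\t49700\t10.0.0.1\t139\t1\t72",     # same seq again: retry
    "10.0.0.50\t49700\t10.0.0.1\t139\t73\t72",
])

def summarize(text):
    """Per one-way flow: data segments, new payload bytes, retransmissions."""
    flows = defaultdict(
        lambda: {"segments": 0, "bytes": 0, "retrans": 0, "next": None})
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, seq, length = line.split("\t")
        seq, length = int(seq), int(length)
        if length == 0:
            continue  # ACK-only segments carry no data to reassemble
        f = flows[(src, int(sport), dst, int(dport))]
        f["segments"] += 1
        # Simplification: a segment starting below the highest byte already
        # seen counts as a retransmission (reordering and 32-bit sequence
        # wraparound are ignored).
        if f["next"] is not None and seq < f["next"]:
            f["retrans"] += 1
        else:
            f["bytes"] += length
            f["next"] = seq + length
    return dict(flows)

def classify(flow, threshold=0.1):
    """Label a flow by the share of its data segments that were resent."""
    ratio = flow["retrans"] / flow["segments"]
    return "retries" if ratio > threshold else "bulk transfer"

if __name__ == "__main__":
    for key, f in summarize(SAMPLE).items():
        print(key, f["segments"], f["bytes"], f["retrans"], classify(f))
```

A flow from port 139 whose sequence numbers keep advancing in full-size steps is one large message being delivered in pieces, which is what Wireshark labels "TCP segment of a reassembled PDU"; a flow that keeps resending the same sequence number is the retry pattern.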
 
