This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am seeing lots of retransmission between two nodes in same subnet.

0

Dear Team,

I am new to TCP analysis, i am seeing lots of retransmission , i am unable to understand how come there are so many retransmission if they are in same sub nett.Other node is Application side and i suspect while submitting packet on SMPP (using TCP as transport layer ) there window size is giving 46, is the same reason we are seeing retransmission ? I am confused please help.

Link for trace file is:

https://docs.google.com/open?id=0B5duHt-843JlRWdJY3lFWFFIck0
http://www.cloudshark.org/captures/80ad5769ba77

Thanks in Advance...

With Regards Avinash Jha

This question is marked "community wiki".

asked 01 Aug '12, 09:58

creative's gravatar image

creative
6558
accept rate: 0%

edited 01 Aug '12, 10:17

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237


2 Answers:

1

I don't know how your capture setup looked like when you recorded this, but your trace has lots of duplicate packets which are showing up as false positives (retransmissions, duplicate acks). You need to deduplicate your trace before analyzing it.

See my answer to a similar case here: http://ask.wireshark.org/questions/10369/too-many-lost-segments-dup-acks-and-retransmission

answered 01 Aug '12, 10:27

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

1

Your system 10.10.6.6 just sends every single packet twice. Wireshark just shows that as DUP ACK and as Retransmission. One possible reason is a problem while capturing the packets. Maybe your sniffer on 10.10.6.6 (what did you use?) just captured (or wrote) every packet twice. To verify, capture at the other side as well and compare the capture files.

Regards
Kurt

answered 01 Aug '12, 10:31

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%