Hi Guys,

I am using Wireshark to check an issue we have with slow connectivity to our server, and sometimes the server has to restart. I am seeing a lot of the following lines in the capture and I wondered if anyone could explain what they are:

39 TCP src > 38378 [PSH, ACK] Seq=1786 Ack=1726 Win=32768 Len=119
40 TCP 38378 > src [ACK] Seq=1726 Ack=1905 Win=54 Len=0
41 TCP [TCP ACKed lost segment] src > 38378 [PSH, ACK] Seq=1905 Ack=1841 Win=32768 Len=119
42 TCP [TCP ACKed lost segment] src > 38378 [PSH, ACK] Seq=2024 Ack=1956 Win=32768 Len=119
43 TCP [TCP ACKed lost segment] src > 38378 [PSH, ACK] Seq=2143 Ack=2071 Win=32768 Len=119
44 TCP [TCP ACKed lost segment] src > 38378 [PSH, ACK] Seq=2262 Ack=2186 Win=32768 Len=119

Best Regards
Spyros

asked 24 Aug '12, 00:10 kaito7
One Answer:

"ACKed lost segment" means that Wireshark has found a packet acknowledging another packet it hasn't seen. Kind of an "I know the packet must have been there but I didn't see it". If that happens, it usually means that you either captured on a link that didn't transport all packets (for example when there is asynchronous routing or an etherchannel where you only sniffed on one leg), or your capture device was too slow to record all packets in time that arrived at the NIC.

answered 24 Aug '12, 02:12 Jasper ♦♦
In addition to what Jasper said: if the servers have to restart, there could be a problem with the IP stack or NIC driver of that server.
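The check behind the "ACKed lost segment" flag explained in the answer above, run over the six packets from the question. This is an added example, not part of the original thread and not Wireshark's own code: it is a simplified heuristic that assumes relative sequence numbers as posted, ignores sequence wrap-around, and uses hypothetical names (`Pkt`, `find_acked_unseen`).

```python
# Added example: flag ACKs that cover data the capture never recorded.
from collections import namedtuple

Pkt = namedtuple("Pkt", "no src dst seq ack length")

# The six packets from the question; "src" is the endpoint label as posted.
CAPTURE = [
    Pkt(39, "src", "38378", 1786, 1726, 119),
    Pkt(40, "38378", "src", 1726, 1905, 0),
    Pkt(41, "src", "38378", 1905, 1841, 119),
    Pkt(42, "src", "38378", 2024, 1956, 119),
    Pkt(43, "src", "38378", 2143, 2071, 119),
    Pkt(44, "src", "38378", 2262, 2186, 119),
]


def find_acked_unseen(packets):
    """Return (packet number, unseen byte count) for every ACK that
    acknowledges peer data beyond what the capture contains."""
    next_seq = {}  # (src, dst) -> highest seq+len captured in that direction
    findings = []
    for p in packets:
        fwd, rev = (p.src, p.dst), (p.dst, p.src)
        seen = next_seq.get(rev)
        # Judge an ACK only after at least one packet from the peer was
        # captured; otherwise there is no baseline to compare against.
        if seen is not None and p.ack > seen:
            findings.append((p.no, p.ack - seen))
            # The peer evidently sent up to p.ack, so move the baseline.
            next_seq[rev] = p.ack
        next_seq[fwd] = max(next_seq.get(fwd, 0), p.seq + p.length)
    return findings


if __name__ == "__main__":
    for no, missing in find_acked_unseen(CAPTURE):
        print(f"packet {no}: ACKs {missing} bytes not present in the capture")
```

Packet 40 is clean because its Ack=1905 matches the end of captured packet 39, while packets 41 to 44 each acknowledge 115 bytes from port 38378 that never appear in the trace.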
Ping Google and check if you have packet loss, i.e.:
"ping google.com -t"