I would like help figuring out the cause & solution to a packet retransmission issue. I am getting lots of "TCP out-of order", "TCP DUP-ACK", & "TCP Retransmission". This occurs mostly (90%) between two devices communicating within the same VLAN. So client A (192.168.12.151) sends message to client B (192.168.12.100), through a Sonicwall router (192.168.11.200). Sonicwall router set up 4 VLANS, trunk to Layer 3 switch. Cisco switch has 4 VLANs.
You can see packet 8 send the packet from 151 to 100. But, packet 9, the router replaces the mac address, the source is now the router
This question is marked “community wiki”.
asked 22 Jan ‘13, 07:26
edited 22 Jan ‘13, 07:31
I'm assuming here that you have a pretty small subnet defined to force the traffic through the SonicWall box. What you're seeing is 100% normal. L3 routers replace the MAC as the IP packet traverses through it. They also decrement the TTL in the IP header, which I'm sure you'll see as well.
Chances are, you are capturing the same packet twice (as evidenced by the different mac address but same packet) and Wireshark is interpreting it as a retransmission (because it saw it twice).
So try capturing from just one subnet and see where that takes you. You didn't mention the original problem, though. Are you trying to troubleshoot a specific problem?
answered 22 Jan '13, 08:10