I have a very large capture of a server losing its connection to the network for a second once a day, but everything is working fine from that point according to the user. I took a large capture of the communication, and I copied and pasted a few lines here. I see the same dup ack and then a retransmission. I looked at the dup ack numbers, which all point back to frame 445056, and the retransmission gives a reason of unknown packet type. What does that mean? Can someone explain that to me, please? And what is going on with the retransmission? I checked my network from end to end and no problems were found on the wire.
Thanks for the help in advance.
asked 14 Apr '13, 22:22
edited 15 Apr '13, 01:19
Kurt Knochner ♦
"Unknown packet type" means that Wireshark could not decode it any further, which (in my experience) happens a lot if Wireshark thinks that the content is a database protocol and cannot interpret it.
The retransmission doesn't look special and comes in as expected without much time loss, so I doubt that you have a problem there. Packet loss is normal in every network; it just should not be excessive.
answered 15 Apr '13, 01:08
If you mean lost packets, this could be totally normal, as @Jasper said.
One of these 'normal processes' may be an ARP table refresh. See my answer to the following question:
Your one-second connection loss may be caused by an ARP table refresh. Do you see ARP packets for the involved systems (client, server, router) during that one-second period?
answered 15 Apr '13, 01:13
Kurt Knochner ♦
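One way to run the check suggested in the last answer, as an added example that is not part of the original thread: find each pause in the TCP traffic that ends in a retransmission and list the ARP frames seen inside it. It assumes the capture is already filtered to one conversation and exported as tab-separated text; the sample rows, addresses and function names are constructed for illustration.

```python
# Constructed sample, not the capture from the question. Column layout assumed:
# frame.number, frame.time_relative, protocol column, info column, e.g. from
# tshark -T fields -e frame.number -e frame.time_relative -e _ws.col.Protocol -e _ws.col.Info
SAMPLE = """\
445056\t100.000\tTCP\t[TCP segment of a reassembled PDU]
445057\t100.001\tTCP\t[TCP Dup ACK 445056#1]
445058\t100.002\tTCP\t[TCP Dup ACK 445056#2]
445059\t100.450\tARP\tWho has 10.0.0.5? Tell 10.0.0.1
445060\t100.451\tARP\t10.0.0.5 is at 00:11:22:33:44:55
445061\t101.010\tTCP\t[TCP Retransmission]
445062\t101.011\tTCP\tACK
445063\t250.000\tTCP\t[TCP segment of a reassembled PDU]
445064\t250.001\tTCP\t[TCP Dup ACK 445063#1]
445065\t250.900\tTCP\t[TCP Retransmission]
445066\t250.901\tTCP\tACK
"""

def parse(text):
    """Turn the tab-separated export into (frame, time, protocol, info) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        num, t, proto, info = line.split("\t", 3)
        rows.append((int(num), float(t), proto, info))
    return rows

def stalls_with_arp(rows, min_gap=0.5):
    """Report TCP pauses of at least min_gap seconds that end in a
    retransmission, with the ARP frames captured during each pause."""
    tcp = [r for r in rows if r[2] == "TCP"]
    arp = [r for r in rows if r[2] == "ARP"]
    found = []
    for prev, cur in zip(tcp, tcp[1:]):
        gap = cur[1] - prev[1]
        # An idle period that resumes with normal data is not a stall.
        if gap >= min_gap and "Retransmission" in cur[3]:
            inside = [a[0] for a in arp if prev[1] <= a[1] <= cur[1]]
            found.append({"after": prev[0], "before": cur[0],
                          "gap": round(gap, 3), "arp_frames": inside})
    return found

if __name__ == "__main__":
    for stall in stalls_with_arp(parse(SAMPLE)):
        print(stall)
```

A stall that contains ARP frames for the client, server or router fits the ARP refresh explanation; a stall with none points back to ordinary packet loss.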