Hi all, Im currently experiencing random latency on my network when connecting to random websites. The three way handshake is ok but during the conversation I get an ACK and then an RST,ACK about a minute later. Then the Three way handshake starts again and during the conversation I get another ACK then RST,ACK. This does not happen on other network that I've looked at. can any one explain why this might be happening?? Please use the link to see the capture. Thanks Phil asked 30 Jun '14, 19:04  dalyphilip |
One Answer:
The problem lies in the client not completing the TLS negotiation in time. the https server sends a RST after not haveng received the Client Key Exchange in a reasonable amount of time.
answered 02 Jul '14, 08:46  mrEEde edited 02 Jul '14, 08:47 Thanks for the diagnostics on the Packet capture. I found the problem to be the anti-virus in the Sophos client. The followiing is from http://www.sophos.com/en-us/support/knowledgebase/27213.aspx Web protection | Download scanning Sophos Control Center: Configure scanning | Web scanning is Set Download scanning set to off. Download scanning can cause minor delays whilst a portion of the data from the site is scanned before delivery to the end user's internet browser, some websites may be adversely affected by this. (07 Jul '14, 18:33) dalyphilip |
Capture file is available here
https://osqa-ask.wireshark.org/upfiles/Capture_9.JPG
can you upload a capture file,difficult to understand on basis of screenshot.
Hi Kishan, you can get the capture file from the below address https://www.dropbox.com/s/igmsj2s2hhgtlej/capture%20file.pcapng
The filter i used was (((ip.src == 10.50.2.7) && (ip.dst == 157.56.58.13)) || ((ip.src == 157.56.58.13) && (ip.dst == 10.50.2.7)))
Hope that helps. Thanks