We have an internal site at a golf course. They submit credit card transactions to a credit card firm at a site on the internet. They get multiple declines on credit cards many times each day before the transaction goes through.
We, in the network support unit, have been tasked with investigating and solving this issue. We captured traffic from the site to the credit card server on the outside of our firewall. We see the golf course host issue a SYN to begin the session; after several seconds it issues another SYN. The credit card server replies with SYN,ACK. The golf course host then issues an RST which constitutes a "decline" of the credit card. This occurs from once to 15 or more times before the transaction goes through.
I ran a test from another host issuing a TCP/443 connect to the credit card server every second for 1 day. 94% of the connects occurred in less than 100 millisec. The golf course host sees much longer delays, on the order of 3-10 seconds. I have a 58-packet Wireshark trace of this behaviour.
asked 28 Sep '10, 11:39
The first thing I'd look for is Sequence/Acknowledgement number mismatches or TCP source/destination packet mismatches in the SYN/ACK. These would cause the TCP stack on the host initiating the socket to issue a RST.
answered 28 Sep '10, 12:10
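The check this answer describes, as an added example that is not part of the original post: the script walks a list of handshake segments and reports SYN retransmits and whether each SYN,ACK reverses the SYN's address/port 4-tuple and acknowledges the client's initial sequence number plus one. The `Seg` record, the function name and the sample segments are constructed for illustration; real values would come from the capture.

```python
from dataclasses import dataclass

@dataclass
class Seg:
    t: float          # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str        # "S" = SYN, "SA" = SYN,ACK, "R" = RST
    seq: int
    ack: int = 0

def audit_handshake(segs):
    """Return (time, finding) tuples for SYN retransmits and each SYN,ACK."""
    findings, syns = [], {}   # syns: client 4-tuple -> (ISN, time of first SYN)
    for s in segs:
        if s.flags == "S":
            key = (s.src, s.sport, s.dst, s.dport)
            if key in syns and syns[key][0] == s.seq:
                findings.append((s.t, f"SYN retransmit after {s.t - syns[key][1]:.1f}s"))
            else:
                syns[key] = (s.seq, s.t)
        elif s.flags == "SA":
            key = (s.dst, s.dport, s.src, s.sport)   # reply must reverse the 4-tuple
            if key not in syns:
                findings.append((s.t, "SYN,ACK matches no SYN (address/port mismatch)"))
                continue
            want = (syns[key][0] + 1) % 2**32        # ACK must be client ISN + 1
            if s.ack != want:
                findings.append((s.t, f"SYN,ACK ack={s.ack}, expected {want}"))
            else:
                findings.append((s.t, f"SYN,ACK valid {s.t - syns[key][1]:.1f}s after first SYN"))
    return findings

# Constructed sample segments (documentation addresses, invented numbers).
C, S = "192.0.2.10", "198.51.100.20"
GOOD = [Seg(0.0, C, 40001, S, 443, "S", 1000), Seg(3.0, C, 40001, S, 443, "S", 1000),
        Seg(3.2, S, 443, C, 40001, "SA", 5000, 1001), Seg(3.2, C, 40001, S, 443, "R", 1001)]
BAD = [Seg(0.0, C, 40001, S, 443, "S", 1000),
       Seg(3.2, S, 443, C, 40001, "SA", 5000, 9999),   # wrong acknowledgement number
       Seg(3.3, S, 443, C, 40002, "SA", 5000, 1001)]   # wrong destination port

if __name__ == "__main__":
    for name, trace in (("GOOD", GOOD), ("BAD", BAD)):
        for t, msg in audit_handshake(trace):
            print(f"{name} {t:5.1f}s  {msg}")
```

If every SYN,ACK in the capture comes back as valid and the RST still follows, the sequence-number and port mismatches named in the answer are ruled out as the trigger.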