This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCP Dup Ack. TCP Retransmission

0

Clients on the network are complaining that a lot of the time, when they try to open a web page, their browser times out. Usually, if they hit refresh, the page will load. I've performed speed tests, ping tests, and DNS tests. They all come back good. I downloaded wireshark and ran a trace while trying access the Internet. I get a lot of TCP Dup ACK and TCP Retransmissions. The trace file can be found at http://pcc-tech.com/wireshark/file3.pcapng

Any ideas?

asked 11 Jun '15, 14:12

Tim%20Sanders's gravatar image

Tim Sanders
6113
accept rate: 0%

edited 11 Jun '15, 14:13

One Answer:
active answersoldest answersnewest answerspopular answers
1

The trace shows a lot of SYN retransmissions that would show up as a connection timeout in the browser.
In the example below the SYN packets to 162.159.242.165 (ask.wireshark.org) don't get a reply whereas the subsequent SYN packets to 162.159.241.165 go through immediately.
22 seconds later also the SYN packets to 162.159.242.165 get through immediately. Assuming that both servers were available at the time, I suspect it is the router 192.168.0.254 that blocks the new connections intentionally . alt text

The duplicate acknowlegdements are due to out_of_order arrival or packet loss

permanent link

answered 12 Jun '15, 01:30

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

edited 12 Jun '15, 01:48

I've tried two different routers. Although I haven't run a trace using the second router, the users get the same symptoms.

(12 Jun '15, 04:07) Tim Sanders

Then you should be talking to your OfficeScan administrators and have them check the logs. If that doesn't show anything suspicious you will need to start tracing in the router to see if the SYN requests made it into the WAN.

(12 Jun '15, 05:39) mrEEde
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×16
×1

question asked: 11 Jun '15, 14:12

question was seen: 1,751 times

last updated: 12 Jun '15, 05:39

Related questions

Duplicate ACKs + delayed retransmission

TCP Dup ACK and a TCP retransmission _large packet size

Many TCP retransmission and tcp out-of-order found for slow connection

Searching the Info Field in 1k files

AP Forward Labeled As Retransmission

Systematic TCP retransmission

Why sar ETCP shows TCP retransmission but wireshark tcp.analysis.retransmission doesn't

Remote Desktop not connecting

Lag network http/https?

ACK for FIN Re transmission errors on web service client.

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A