I am seeing this behavior on our network, i.e., the syn+ack packets being retransmitted even though an ack packet was received. Initially, I thought the ack packet was being lost but capturing on the server showed that the ack packet was received. Digging deeper I noticed that a web browser (172.16.49.134) would open 6 simultaneous connections to the web server (172.16.1.39) and while one connection would receive data the other 5 would sit idle and exhibit the same behaviour as in the attached packet capture and eventually get closed.
The server is running RedHat Linux: [[email protected] tmp]# uname -a Linux hostname 2.6.18-371.11.1.el5 #1 SMP Mon Jun 30 04:53:12 EDT 2014 i686 i686 i386 GNU/Linux
netstat -i doesn't show errors or dropped packets. Is this normal?
asked 27 Jul '15, 08:21
Everything has gone normal. But then the Client does not send application Data and for that kind of reason the server sends the syn,ack again, because he hadn´t anything more (Paket 4). And the client acknowledge this again(Paket 5). Afterthat the client closes the session with a normal session close (FIN), perhaps he really has nothng to send.
A similar question could be found here: https://ask.wireshark.org/questions/43648/spurious-retransmission-and-dup-ack
answered 27 Jul '15, 15:13