Client IP - 172.17.6.20 Server IP - 10.1.1.45 Server Port - 5555 ( web service ) Client is accessing this server and after sometimes the browser gets stuck and there is no data. After doing packet captures on both ends we have seen some errors ( last section of server file ) . There is a firewall in between but I have been told that there is nothing there blocking any such thing and since the TCP session is already established I believe it isnt a firewall issue . Tcp Stream of Client is 152 I believe and Tcp stream of server file is 4 for this data flow. https://www.cloudshark.org/captures/c361eb9e22cf ( Server-Specified-Anon) https://www.cloudshark.org/captures/7c991ea9f83d ( Client-Anon-Specified ) I have made modifications to the packet captures using Tracewrangler . The strange thing is that this issue is random , sometimes it works fine and sometimes client is unable to browse properly and upon doing captures I got this. The errors can be seen in the last 4-5 packets in Server capture file asked 21 Sep '15, 05:44 Abdur Rehman edited 21 Sep '15, 05:46 |
2 Answers:
Looking at the connection for port 50973 <---> 5555 (which is the connection for the last packets in the "server" capture: It appears that everything is OK until the server sends a packet of 2 bytes which never shows up in the client capture. After some number of retries(and 20 secs), the server gives up. I would have to suspect the firewall somehow. [Update] AFAIKT most/all of the retransmissions from the client to the server shown in the captures are due to lost ACKs from the server to the client. The other issues also seem to involve lost packets from the server to the client. (There is also one instance in the server capture wherein some packets sent from the server were not captured). So: there appears to be an occasional specific problem (or problems) sending (small ?) packets from the server to the client. You would need to capture directly at the input/output of the firewall to see if there's a firewall problem. answered 21 Sep '15, 07:10 Bill Meier ♦♦ edited 21 Sep '15, 11:31 Yes I understand that some packets which server sents to client are not being received and this might be because of some network device making issues. Here is a image of my wireshark which shows reassembly error , when i used tool to anonymous it, it changed this message . http://oi62.tinypic.com/2s9oqz9.jpg In the firewall we can see that ipid being forwarded but the client doesnt gets it , I guess we need to do captures on devices after firewall to see where exactly this small packet is getting dropped. (22 Sep '15, 01:51) Abdur Rehman |
Reassembly error, protocol TCP: New fragment overlaps old data (re transmission?) This error does not show an error at the IP layer. It is a follow up of a retransmitted segment, if you have "Allow subdissectors to reassemble TCP streams" enabled. With TCP reassembly disabled: With TCP reassembly enabled: answered 28 Sep '15, 12:56 Christian_R edited 28 Sep '15, 13:02 |
Note: I don't see any "Reassembly error ..." when looking at either of the captures with the latest development Wireshark.
(update) or: Are those errors showing for the original capture file (before the use of Tracewrangler ?)
What version of Wireshark are you using ?