Client IP - 172.17.6.20 Server IP - 10.1.1.45 Server Port - 5555 ( web service )
Client is accessing this server and after sometimes the browser gets stuck and there is no data. After doing packet captures on both ends we have seen some errors ( last section of server file ) . There is a firewall in between but I have been told that there is nothing there blocking any such thing and since the TCP session is already established I believe it isnt a firewall issue .
Tcp Stream of Client is 152 I believe and Tcp stream of server file is 4 for this data flow.
I have made modifications to the packet captures using Tracewrangler . The strange thing is that this issue is random , sometimes it works fine and sometimes client is unable to browse properly and upon doing captures I got this.
The errors can be seen in the last 4-5 packets in Server capture file
asked 21 Sep '15, 05:44
edited 21 Sep '15, 05:46
Looking at the connection for port 50973 <---> 5555 (which is the connection for the last packets in the "server" capture:
It appears that everything is OK until the server sends a packet of 2 bytes which never shows up in the client capture.
After some number of retries(and 20 secs), the server gives up.
I would have to suspect the firewall somehow.
[Update] AFAIKT most/all of the retransmissions from the client to the server shown in the captures are due to lost ACKs from the server to the client.
The other issues also seem to involve lost packets from the server to the client.
(There is also one instance in the server capture wherein some packets sent from the server were not captured).
So: there appears to be an occasional specific problem (or problems) sending (small ?) packets from the server to the client. You would need to capture directly at the input/output of the firewall to see if there's a firewall problem.
answered 21 Sep '15, 07:10
Bill Meier ♦♦
edited 21 Sep '15, 11:31
Reassembly error, protocol TCP: New fragment overlaps old data (re transmission?)
This error does not show an error at the IP layer. It is a follow up of a retransmitted segment, if you have "Allow subdissectors to reassemble TCP streams" enabled.
With TCP reassembly disabled:
With TCP reassembly enabled:
answered 28 Sep '15, 12:56
edited 28 Sep '15, 13:02