what last packet is marked as it is? Is it ok?
1.1.1.1 2.2.2.2 TCP 74 49538?443 [SYN] Seq=0 Win=8192 Len=0 MSS=1420 WS=4 SACK_PERM=1 TSval=149611 TSecr=0
2.2.2.2 1.1.1.1 TCP 74 443?49538 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 TSval=979974123 TSecr=149611
1.1.1.1 2.2.2.2 TCP 66 49538?443 [ACK] Seq=1 Ack=1 Win=66176 Len=0 TSval=149613 TSecr=979974123
1.1.1.1 2.2.2.2 SSL 285 [Packet size limited during capture]
2.2.2.2 1.1.1.1 SSL 1474 [Packet size limited during capture]
2.2.2.2 1.1.1.1 SSL 1474 Continuation Data[Packet size limited during capture]
1.1.1.1 2.2.2.2 TCP 66 49538?443 [ACK] Seq=220 Ack=2817 Win=66176 Len=0 TSval=149616 TSecr=979974126
2.2.2.2 1.1.1.1 TCP 409 443?49538 [PSH, ACK] Seq=2817 Ack=220 Win=66048 Len=343 TSval=979974128 TSecr=149616[Packet size limited during capture]
1.1.1.1 2.2.2.2 TCP 66 49538?443 [ACK] Seq=220 Ack=3160 Win=65832 Len=0 TSval=149637 TSecr=979974128
1.1.1.1 2.2.2.2 TCP 66 49538?443 [FIN, ACK] Seq=220 Ack=3160 Win=65832 Len=0 TSval=149674 TSecr=979974128
2.2.2.2 1.1.1.1 TCP 60 443?49538 [RST, ACK] Seq=3160 Ack=221 Win=0 Len=0
1.1.1.1 2.2.2.2 TCP 60 [TCP ACKed unseen segment] 49538?443 [RST, ACK] Seq=221 Ack=3161 Win=0 Len=0
asked 23 Sep '15, 03:37
Dragec
6●1●1●2
accept rate: 0%
edited 23 Sep '15, 04:01
Kurt Knochner ♦
24.8k●10●39●237
problem is that it is highly unlikely that any packet is lost. So I'd like to know what are the other possible answers. Mybe firewall somehow messed communication? Or WS does not interpret something correctlly?
The packet was not lost. You just did not capture it. But you captured the acknowledgement for it, so Wireshark tells you that there was something that wasn't captured but not lost.
Your firewall is fine, Wireshark is fine. Your capture device is too slow.