I have a TCP communication problem between two of my servers. Every ten seconds the TCP connection is being established and then reset. The session includes Dup ACKs and Retransmissions but I couldn't locate the root cause since I don't observe any dropped packets either.
Please note that there are some intermediate devices in between these servers, although I am not sure whether I need traces from them as well. If so, please let me know so that I can update the post.
asked 05 Aug '16, 01:44
edited 05 Aug '16, 01:45
Your first trace is just looking bad because of duplicate packets. Check this blog post for details:
After deduplicating the SRV1 capture, both captures look okay - a connection established, some data exchanged, the connection staying open in case more data may be requested (resulting in "Keep Alives" when there isn't), and finally a connection teardown via reset when it turns out nothing else is needed. Looks pretty normal to me.
answered 05 Aug '16, 01:53
edited 05 Aug '16, 01:57
The TCP session is using TLS, so you need to "Decode as" SSL.
The ip.id fields of the Encrypted alert and the RST packet are incremental which suggests they have been generated by the client's IP stack and not by an external device.
So it is the client's application logic that decided to terminate the session.
answered 05 Aug '16, 03:26
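
The ip.id comparison used in the last answer, written out as an added example that is not part of the original thread. The `Pkt` record, the `max_gap` tolerance and the sample packets are constructed assumptions; real input would be the `ip.src`, `ip.id` and `tcp.flags.reset` fields exported from the capture.

```python
# Added example: constructed data and hypothetical names, not from the thread.
from dataclasses import dataclass

@dataclass
class Pkt:
    src: str           # source IP address (ip.src)
    ip_id: int         # IPv4 Identification field (ip.id), 0..65535
    rst: bool = False  # TCP RST flag (tcp.flags.reset)

def classify_resets(packets, max_gap=64):
    """Compare each RST's ip.id with the previous packet from the same source.

    Verdicts:
      'sender-stack'    ID is a small forward step from the sender's last ID
      'out-of-sequence' ID does not continue the sender's counter
      'inconclusive'    no earlier packet, or the ID did not change
                        (constant IDs such as 0, or a duplicated frame)
    max_gap is an assumed tolerance: a host-wide counter also advances for
    traffic to other peers that this capture does not contain.
    """
    last_id = {}   # src -> ip.id of the most recent packet seen from it
    verdicts = []
    for index, p in enumerate(packets):
        if p.rst:
            prev = last_id.get(p.src)
            if prev is None:
                verdict = "inconclusive"
            else:
                delta = (p.ip_id - prev) % 65536  # 16-bit counter wraps
                if delta == 0:
                    verdict = "inconclusive"
                elif delta <= max_gap:
                    verdict = "sender-stack"
                else:
                    verdict = "out-of-sequence"
            verdicts.append((index, verdict))
        last_id[p.src] = p.ip_id
    return verdicts

# Constructed capture: client 192.0.2.10 sends an alert, then the RST.
CAPTURE = [
    Pkt("192.0.2.10", 65533),
    Pkt("192.0.2.20", 400),
    Pkt("192.0.2.10", 65535),            # Encrypted Alert
    Pkt("192.0.2.10", 0, rst=True),      # RST, ID wrapped from 65535 to 0
]

if __name__ == "__main__":
    print(classify_resets(CAPTURE))
```

An 'out-of-sequence' verdict is a reason to capture on the intermediate devices as well, not proof of an injected reset, since some IP stacks use randomized or per-destination IDs.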