This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I`m trying to find out what is causing intermittent RDP reconnects on our network. We connect via a RDP gateway proxy (which runs over HTTS / port 443). We reach the server via internet. It is not hosted in our LAN.

I notice some 'TCP Previous segment not captured' followed by TCK ACKed unsem segment. I captured all traffic going to the RDP gateway using our PFsense router. From what I read, these notices are nothing to worry about.

I`m a bit stuck, because I cant find any other hints in the packet capture. Therefore I uploaded a snippet of my packetcapture. Can you guys make anything out of this? All 'black entries' display the same notifications. There are no different ones, like retransmissions, etc.

https://www.cloudshark.org/captures/c15924c217ae

asked 22 Sep '16, 15:28

jortie2's gravatar image

jortie2
10225
accept rate: 0%

edited 22 Sep '16, 15:32


Your capture doesn't show anything special - the two symptoms "segment not captured" and "ACKed unseen segment" are clear signs of insufficient capture performance, meaning that packets weren't captured because the device doing the capture was too slow to grab them all.

There is also no session start or end in the capture. What you need to check is the end of the connection - you should see a FIN/ACK - FIN/ACK sequence, or a RST (reset) packet. The one sending the first FIN or RST is the one tearing down the connection. If you can, post a better capture with the teardown packets.

permanent link

answered 25 Sep '16, 05:45

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×22

question asked: 22 Sep '16, 15:28

question was seen: 1,622 times

last updated: 25 Sep '16, 05:45

p​o​w​e​r​e​d by O​S​Q​A