This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Lots of TCP Dup ACK & TCP Retransmission messages

0

Hi: I have been experiencing some network issues with connections dropping to various machines. I have a Linux box which is currently sending a large amount of data over SSH to a Synology NAS. I ran a tcpdump on this machine and I'm seeing what to my noob eyes seems like an inordinate amount of TCP Dup ACK & TCP Retransmission messages (see below for an example). Running tcpdump for 2 minutes generated a 2gb capture file, and it's mostly these types of messages. Does anyone have any idea what could be causing this?

Thanks for any input!

Example:

No.     Time           Source                Destination           Protocol Length Info
     35 0.790928       192.168.1.25         192.168.1.19         SSH      15996  Client: Encrypted packet (len=15928)

Frame 35: 15996 bytes on wire (127968 bits), 15996 bytes captured (127968 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.25, Dst: 192.168.1.19
Transmission Control Protocol, Src Port: 58167, Dst Port: 22, Seq: 16437, Ack: 1, Len: 15928
SSH Protocol


No.     Time           Source                Destination           Protocol Length Info
36 0.790934       192.168.1.25         192.168.1.19         TCP      15996  [TCP Retransmission] 58167→22 [ACK] Seq=16437 Ack=1 Win=501 Len=15928 TSval=2496248946 TSecr=1194800600


Frame 36: 15996 bytes on wire (127968 bits), 15996 bytes captured (127968 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.25, Dst: 192.168.1.19
Transmission Control Protocol, Src Port: 58167, Dst Port: 22, Seq: 16437, Ack: 1, Len: 15928


No.     Time           Source                Destination           Protocol Length Info
37 0.790942       192.168.1.25         192.168.1.19         SSH      576    Client: Encrypted packet (len=508)


Frame 37: 576 bytes on wire (4608 bits), 576 bytes captured (4608 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.25, Dst: 192.168.1.19
Transmission Control Protocol, Src Port: 58167, Dst Port: 22, Seq: 32365, Ack: 1, Len: 508
SSH Protocol


No.     Time           Source                Destination           Protocol Length Info
38 0.790944       192.168.1.25         192.168.1.19         TCP      576    [TCP Retransmission] 58167→22 [PSH, ACK] Seq=32365 Ack=1 Win=501 Len=508 TSval=2496248946 TSecr=1194800600


Frame 38: 576 bytes on wire (4608 bits), 576 bytes captured (4608 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.25, Dst: 192.168.1.19
Transmission Control Protocol, Src Port: 58167, Dst Port: 22, Seq: 32365, Ack: 1, Len: 508


No.     Time           Source                Destination           Protocol Length Info
39 0.791023       192.168.1.19         192.168.1.25         TCP      68     22→58167 [ACK] Seq=1 Ack=4345 Win=5047 Len=0 TSval=1194800602 TSecr=2496248946


Frame 39: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.19, Dst: 192.168.1.25
Transmission Control Protocol, Src Port: 22, Dst Port: 58167, Seq: 1, Ack: 4345, Len: 0


No.     Time           Source                Destination           Protocol Length Info
40 0.791023       192.168.1.19         192.168.1.25         TCP      68     [TCP Dup ACK 39#1] 22→58167 [ACK] Seq=1 Ack=4345 Win=5047 Len=0 TSval=1194800602 TSecr=2496248946


Frame 40: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.1.19, Dst: 192.168.1.25
Transmission Control Protocol, Src Port: 22, Dst Port: 58167, Seq: 1, Ack: 4345, Len: 0

asked 20 Dec ‘16, 09:12

blobby's gravatar image

blobby
6112
accept rate: 0%