We keep seeing lots of "TCP Re-transmission", "TCP DUP Ack" & " Pls. see attached. The client is 10.10.10.70 and the server is 192.168.1.52 Any help clearing this issue is appreciated. Thank you, asked 13 Feb '17, 11:53  Khojal |
" in Wireshark. It appears to us that EVERY TIME the client is sending a request followed by a re-transmission almost immediately. Are we doing any thing wrong on the client side? or even on the server side? Is there any timer we could properly adjust to prevent the inappropriate re-transmission?
2 Answers:
Looks like you captured duplicate packets. Please check out this blog post: https://blog.packet-foo.com/2015/03/tcp-analysis-and-the-five-tuple/ answered 13 Feb '17, 11:57  Jasper ♦♦ |
Seems like you have captured all frames twice. Please try answered 13 Feb '17, 11:57  Christian_R |
You right. Thank you Jasper and Christian. That was very helpful.Some how we were capturing twice; however, after we adjusted the capture, we now only see the TCP retransmission issue EVERY TIME the client is requesting a "GetMenuWithPermissions". The server starts to send a
retransmission after about 10 Milli-seconds is it doesn't get an "ACK" from the client? Are we doing any thing wrong from the client or from the server? do we need to adjust any timer for the server re-transmission. Again this issue happens only when the client wants to get "GetMenuWithPermission". Please see attached screen capture.
Thank you
Your capture technique is still not 100% accurate - you have packets way too big, over 4k for the "200 OK"... I recommend not capturing locally on any device involved, but use a SPAN port or TAP instead. Otherwise you'll still be chasing ghosts.