This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Spurious retransmissions.

0

Hi I have some employees that use a remote application launched by a rdp file that opens a remote chrome application on the client side, I have been noticing a delay when clicking and typing on the remote app, and after making many changes on Computers I started debugging on my firewall a USG-300 Zywall.

Packet captures shows a lot of Spurious retransmissions and the behavior is recurrent and always happening, pretty much 99% of this spurious retransmissions are sent by the remote host 50.201.127.20 and I cannot see any change with many tests I have made no luck or service enhancement, So I think must be something on the server application.

Has anybody fixed this? or now how to,? thanks a lot alt text

asked 04 Sep '17, 14:00

Josue56's gravatar image

Josue56
6114
accept rate: 0%

edited 05 Sep '17, 10:23

The screenshot doesn't seem to show spurious retransmissions, just normal fast retransmissions after packet loss (indicated by the DUP ACK chain). And what is "host 50"? Do you mean 50.201.127.20?

(04 Sep '17, 23:58) Jasper ♦♦

I updated the picture is so weird I just receive same spurious transmission but no see any packet loss on my side.

(05 Sep '17, 10:32) Josue56

One Answer:

0

Spurious retransmissions are packets that are sent again even though their content has already been ACKed. That usually means that you're capturing on the receiving end of the connection, seeing data arrive twice and most likely means that the acknowledge packets for those data packets have been lost on the way to the sender. That way the sender thinks the data never arrived and sends it again.

If possible, capture on both ends to compare what packets are seen on each of the locations, and determine to point of packet loss from there.

answered 06 Sep '17, 07:23

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%