From the captured packets, I think there is a bug in the TCP/IP stack of device-2. I assume the span port was mirroring traffic on the inter-switch link because there is no traffic for 6 seconds. I also assume there were already some more TCP KeepAlive messages sent by device-2 and when the new data from device-1 comes in, it does not ACK the data as it might be strictly waiting for a KeepAlive-ACK.

I also think there is a bug in the TCP/IP stack of device-1, as it does not retransmit the segment starting at seq 37. But that might just be that the RTO falls outside of the capture interval and that after a while it does retransmit this data and things get back to normal. Please capture over a longer period next time (either until the connection restores itself or until it is reset by either one of the devices).