Ask Your Question

Revision history [back]

TCP Retransmissions- anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

16246 2018-08-05 17:53:44.634509 10.88.222.194 91.429.42.299 TCP 66 58429 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 25 16247 2018-08-05 17:53:44.643647 91.429.42.299 10.88.222.194 TCP 66 25 → 58429 [SYN, ACK, ECN] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=512 58429 16248 2018-08-05 17:53:44.643685 10.88.222.194 91.429.42.299 TCP 54 58429 → 25 [ACK] Seq=1 Ack=1 Win=262656 Len=0 25 16249 2018-08-05 17:53:44.653433 91.429.42.299 10.88.222.194 SMTP 121 S: 220 eu-smtp-1.media.com ESMTP; Mon, 23 Aug 2021 18:53:36 +0100 58429 16250 2018-08-05 17:53:44.653495 10.88.222.194 91.429.42.299 SMTP 76 C: EHLO [10.57.254.194] 25 16254 2018-08-05 17:53:44.662233 91.429.42.299 10.88.222.194 TCP 60 25 → 58429 [ACK] Seq=68 Ack=23 Win=29696 Len=0 58429 16255 2018-08-05 17:53:44.662251 91.429.42.299 10.88.222.194 SMTP 150 S: 250-eu-smtp-1.media.com Hello [212.219.240.8] | AUTH PLAIN LOGIN | STARTTLS | HELP 58429 16256 2018-08-05 17:53:44.662306 10.88.222.194 91.429.42.299 SMTP 64 C: STARTTLS 25 16257 2018-08-05 17:53:44.671116 91.429.42.299 10.88.222.194 SMTP 102 S: 220 Starting TLS [97eg9r4sO8GPfKR_153R9g.uk11] 58429 16258 2018-08-05 17:53:44.671790 10.88.222.194 91.429.42.299 TLSv1.2 292 Client Hello 25 16260 2018-08-05 17:53:44.682209 91.429.42.299 10.88.222.194 TLSv1.2 144 Server Hello 58429 16261 2018-08-05 17:53:44.682241 91.429.42.299 10.88.222.194 TCP 1514 25 → 58429 [ACK] Seq=302 Ack=271 Win=30720 Len=1460 [TCP segment of a reassembled PDU] 58429 16262 2018-08-05 17:53:44.682256 10.88.222.194 91.429.42.299 TCP 54 58429 → 25 [ACK] Seq=271 Ack=1762 Win=262656 Len=0 25 16263 2018-08-05 17:53:44.684164 91.429.42.299 10.88.222.194 TLSv1.2 1514 Certificate [TCP segment of a reassembled PDU] 58429 16266 2018-08-05 17:53:44.691546 91.429.42.299 10.88.222.194 TLSv1.2 340 Server Key Exchange, Server Hello Done 58429 16267 2018-08-05 17:53:44.691574 10.88.222.194 91.429.42.299 TCP 54 58429 → 25 [ACK] Seq=271 Ack=3508 Win=262656 Len=0 25 16270 2018-08-05 17:53:44.693367 10.88.222.194 91.429.42.299 TLSv1.2 180 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 25 16273 2018-08-05 17:53:44.704106 91.429.42.299 10.88.222.194 TLSv1.2 60 Change Cipher Spec 58429 16277 2018-08-05 17:53:44.765135 10.88.222.194 91.429.42.299 TCP 54 58429 → 25 [ACK] Seq=397 Ack=3514 Win=262656 Len=0 25 16278 2018-08-05 17:53:44.773937 91.429.42.299 10.88.222.194 TLSv1.2 99 Encrypted Handshake Message 58429 16287 2018-08-05 17:53:44.827641 10.88.222.194 91.429.42.299 TCP 54 58429 → 25 [ACK] Seq=397 Ack=3559 Win=262656 Len=0 25 25392 2018-08-05 17:54:44.759363 91.429.42.299 10.88.222.194 TLSv1.2 85 Encrypted Alert 58429 25393 2018-08-05 17:54:44.759395 91.429.42.299 10.88.222.194 TCP 60 25 → 58429 [FIN, ACK] Seq=3590 Ack=397 Win=30720 Len=0 58429 25394 2018-08-05 17:54:44.759412 10.88.222.194 91.429.42.299 TCP 54 58429 → 25 [ACK] Seq=397 Ack=3591 Win=262656 Len=0 25 30990 2018-08-05 17:55:35.844355 10.88.222.194 91.429.42.299 TLSv1.2 105 Application Data 25 30991 2018-08-05 17:55:35.845340 10.88.222.194 91.429.42.299 TCP 54 58429 → 25 [FIN, ACK] Seq=448 Ack=3591 Win=262656 Len=0 25 31020 2018-08-05 17:55:36.074103 10.88.222.194 91.429.42.299 TCP 105 [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51 25 31060 2018-08-05 17:55:36.386600 10.88.222.194 91.429.42.299 TCP 105 [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51 25 31107 2018-08-05 17:55:36.995959 10.88.222.194 91.429.42.299 TCP 105 [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51 25 31251 2018-08-05 17:55:38.205279 10.88.222.194 91.429.42.299 TCP 105 [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51 25 31546 2018-08-05 17:55:40.617346 10.88.222.194 91.429.42.299 TCP 105 [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51 25 32078 2018-08-05 17:55:45.418450 10.88.222.194 91.429.42.299 TCP 105 [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51 25 32725 2018-08-05 17:55:55.025839 10.88.222.194 91.429.42.299 TCP 54 58429 → 25 [RST, ACK, CWR] Seq=449 Ack=3591 Win=0 Len=0 25

click to hide/show revision 2
None

updated 2021-08-25 12:46:55 +0000

grahamb gravatar image

TCP Retransmissions- anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

A text dump of the traffic:

16246    2018-08-05 17:53:44.634509        10.88.222.194     91.429.42.299     TCP        66           58429 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1          25
16247    2018-08-05 17:53:44.643647        91.429.42.299     10.88.222.194     TCP        66           25 → 58429 [SYN, ACK, ECN] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=512           58429
16248    2018-08-05 17:53:44.643685        10.88.222.194     91.429.42.299     TCP        54           58429 → 25 [ACK] Seq=1 Ack=1 Win=262656 Len=0            25
16249    2018-08-05 17:53:44.653433        91.429.42.299     10.88.222.194     SMTP    121         S: 220 eu-smtp-1.media.com ESMTP; Mon, 23 Aug 2021 18:53:36 +0100          58429
16250    2018-08-05 17:53:44.653495        10.88.222.194     91.429.42.299     SMTP    76           C: EHLO [10.57.254.194]                25
16254    2018-08-05 17:53:44.662233        91.429.42.299     10.88.222.194     TCP        60           25 → 58429 [ACK] Seq=68 Ack=23 Win=29696 Len=0            58429
16255    2018-08-05 17:53:44.662251        91.429.42.299     10.88.222.194     SMTP    150         S: 250-eu-smtp-1.media.com Hello [212.219.240.8] | AUTH PLAIN LOGIN | STARTTLS | HELP  58429
16256    2018-08-05 17:53:44.662306        10.88.222.194     91.429.42.299     SMTP    64           C: STARTTLS        25
16257    2018-08-05 17:53:44.671116        91.429.42.299     10.88.222.194     SMTP    102         S: 220 Starting TLS [97eg9r4sO8GPfKR_153R9g.uk11]            58429
16258    2018-08-05 17:53:44.671790        10.88.222.194     91.429.42.299     TLSv1.2 292         Client Hello         25
16260    2018-08-05 17:53:44.682209        91.429.42.299     10.88.222.194     TLSv1.2 144         Server Hello        58429
16261    2018-08-05 17:53:44.682241        91.429.42.299     10.88.222.194     TCP        1514       25 → 58429 [ACK] Seq=302 Ack=271 Win=30720 Len=1460 [TCP segment of a reassembled PDU]      58429
16262    2018-08-05 17:53:44.682256        10.88.222.194     91.429.42.299     TCP        54           58429 → 25 [ACK] Seq=271 Ack=1762 Win=262656 Len=0    25
16263    2018-08-05 17:53:44.684164        91.429.42.299     10.88.222.194     TLSv1.2 1514       Certificate [TCP segment of a reassembled PDU]          58429
16266    2018-08-05 17:53:44.691546        91.429.42.299     10.88.222.194     TLSv1.2 340         Server Key Exchange, Server Hello Done          58429
16267    2018-08-05 17:53:44.691574        10.88.222.194     91.429.42.299     TCP        54           58429 → 25 [ACK] Seq=271 Ack=3508 Win=262656 Len=0    25
16270    2018-08-05 17:53:44.693367        10.88.222.194     91.429.42.299     TLSv1.2 180         Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message       25
16273    2018-08-05 17:53:44.704106        91.429.42.299     10.88.222.194     TLSv1.2 60           Change Cipher Spec                58429
16277    2018-08-05 17:53:44.765135        10.88.222.194     91.429.42.299     TCP        54           58429 → 25 [ACK] Seq=397 Ack=3514 Win=262656 Len=0    25
16278    2018-08-05 17:53:44.773937        91.429.42.299     10.88.222.194     TLSv1.2 99           Encrypted Handshake Message              58429
16287    2018-08-05 17:53:44.827641        10.88.222.194     91.429.42.299     TCP        54           58429 → 25 [ACK] Seq=397 Ack=3559 Win=262656 Len=0    25
25392    2018-08-05 17:54:44.759363        91.429.42.299     10.88.222.194     TLSv1.2 85           Encrypted Alert 58429
25393    2018-08-05 17:54:44.759395        91.429.42.299     10.88.222.194     TCP        60           25 → 58429 [FIN, ACK] Seq=3590 Ack=397 Win=30720 Len=0     58429
25394    2018-08-05 17:54:44.759412        10.88.222.194     91.429.42.299     TCP        54           58429 → 25 [ACK] Seq=397 Ack=3591 Win=262656 Len=0    25
30990    2018-08-05 17:55:35.844355        10.88.222.194     91.429.42.299     TLSv1.2 105         Application Data               25
30991    2018-08-05 17:55:35.845340        10.88.222.194     91.429.42.299     TCP        54           58429 → 25 [FIN, ACK] Seq=448 Ack=3591 Win=262656 Len=0  25
31020    2018-08-05 17:55:36.074103        10.88.222.194     91.429.42.299     TCP        105         [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
31060    2018-08-05 17:55:36.386600        10.88.222.194     91.429.42.299     TCP        105         [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
31107    2018-08-05 17:55:36.995959        10.88.222.194     91.429.42.299     TCP        105         [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
31251    2018-08-05 17:55:38.205279        10.88.222.194     91.429.42.299     TCP        105         [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
31546    2018-08-05 17:55:40.617346        10.88.222.194     91.429.42.299     TCP        105         [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
32078    2018-08-05 17:55:45.418450        10.88.222.194     91.429.42.299     TCP        105         [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
32725    2018-08-05 17:55:55.025839        10.88.222.194     91.429.42.299     TCP        54           58429 → 25 [RST, ACK, CWR] Seq=449 Ack=3591 Win=0 Len=0               25
25
click to hide/show revision 3
None

updated 2021-08-25 13:07:50 +0000

grahamb gravatar image

TCP Retransmissions- anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

A text dump of the traffic:

16246   2018-08-05 17:53:44.634509        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TCP        66   58429 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1          25
SACK_PERM=1
16247   2018-08-05 17:53:44.643647        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  TCP        66   25 → 58429 [SYN, ACK, ECN] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=512           58429
WS=512
16248   2018-08-05 17:53:44.643685        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TCP        54   58429 → 25 [ACK] Seq=1 Ack=1 Win=262656 Len=0            25
Len=0
16249   2018-08-05 17:53:44.653433        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  SMTP     121   S: 220 eu-smtp-1.media.com ESMTP; Mon, 23 Aug 2021 18:53:36 +0100          58429
+0100
16250   2018-08-05 17:53:44.653495        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  SMTP     76   C: EHLO [10.57.254.194]                25
[10.57.254.194]
16254   2018-08-05 17:53:44.662233        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  TCP        60   25 → 58429 [ACK] Seq=68 Ack=23 Win=29696 Len=0            58429
Len=0
16255   2018-08-05 17:53:44.662251        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  SMTP     150   S: 250-eu-smtp-1.media.com Hello [212.219.240.8] | AUTH PLAIN LOGIN | STARTTLS | HELP  58429
HELP
16256   2018-08-05 17:53:44.662306        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  SMTP     64   C: STARTTLS        25
STARTTLS
16257   2018-08-05 17:53:44.671116        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  SMTP     102   S: 220 Starting TLS [97eg9r4sO8GPfKR_153R9g.uk11]            58429
[97eg9r4sO8GPfKR_153R9g.uk11]
16258   2018-08-05 17:53:44.671790        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TLSv1.2  292   Client Hello         25
Hello
16260   2018-08-05 17:53:44.682209        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  TLSv1.2  144   Server Hello        58429
Hello
16261   2018-08-05 17:53:44.682241        91.429.42.299     10.88.222.194     TCP   91.429.42.299  10.88.222.194  TCP      1514   25 → 58429 [ACK] Seq=302 Ack=271 Win=30720 Len=1460 [TCP segment of a reassembled PDU]      58429
PDU]
16262   2018-08-05 17:53:44.682256        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TCP        54   58429 → 25 [ACK] Seq=271 Ack=1762 Win=262656 Len=0    25
Len=0
16263   2018-08-05 17:53:44.684164        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  TLSv1.2  1514   Certificate [TCP segment of a reassembled PDU]          58429
PDU]
16266   2018-08-05 17:53:44.691546        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  TLSv1.2  340   Server Key Exchange, Server Hello Done          58429
Done
16267   2018-08-05 17:53:44.691574        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TCP        54   58429 → 25 [ACK] Seq=271 Ack=3508 Win=262656 Len=0    25
Len=0
16270   2018-08-05 17:53:44.693367        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TLSv1.2  180   Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message       25
Message
16273   2018-08-05 17:53:44.704106        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  TLSv1.2  60   Change Cipher Spec                58429
Spec
16277   2018-08-05 17:53:44.765135        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TCP        54   58429 → 25 [ACK] Seq=397 Ack=3514 Win=262656 Len=0    25
Len=0
16278   2018-08-05 17:53:44.773937        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  TLSv1.2  99   Encrypted Handshake Message              58429
Message
16287   2018-08-05 17:53:44.827641        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TCP        54   58429 → 25 [ACK] Seq=397 Ack=3559 Win=262656 Len=0    25
Len=0
25392   2018-08-05 17:54:44.759363        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  TLSv1.2  85   Encrypted Alert 58429
Alert
25393   2018-08-05 17:54:44.759395        91.429.42.299     10.88.222.194    91.429.42.299  10.88.222.194  TCP        60   25 → 58429 [FIN, ACK] Seq=3590 Ack=397 Win=30720 Len=0     58429
Len=0
25394   2018-08-05 17:54:44.759412        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TCP        54   58429 → 25 [ACK] Seq=397 Ack=3591 Win=262656 Len=0    25
Len=0
30990   2018-08-05 17:55:35.844355        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TLSv1.2  105   Application Data               25
Data
30991   2018-08-05 17:55:35.845340        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TCP        54   58429 → 25 [FIN, ACK] Seq=448 Ack=3591 Win=262656 Len=0  25
Len=0
31020   2018-08-05 17:55:36.074103        10.88.222.194     91.429.42.299     TCP  10.88.222.194  91.429.42.299  TCP       105   [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
Len=51
31060   2018-08-05 17:55:36.386600        10.88.222.194     91.429.42.299     TCP  10.88.222.194  91.429.42.299  TCP       105   [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
Len=51
31107   2018-08-05 17:55:36.995959        10.88.222.194     91.429.42.299     TCP  10.88.222.194  91.429.42.299  TCP       105   [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
Len=51
31251   2018-08-05 17:55:38.205279        10.88.222.194     91.429.42.299     TCP  10.88.222.194  91.429.42.299  TCP       105   [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
Len=51
31546   2018-08-05 17:55:40.617346        10.88.222.194     91.429.42.299     TCP  10.88.222.194  91.429.42.299  TCP       105   [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
Len=51
32078   2018-08-05 17:55:45.418450        10.88.222.194     91.429.42.299     TCP  10.88.222.194  91.429.42.299  TCP       105   [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51     25
Len=51
32725   2018-08-05 17:55:55.025839        10.88.222.194     91.429.42.299    10.88.222.194  91.429.42.299  TCP        54   58429 → 25 [RST, ACK, CWR] Seq=449 Ack=3591 Win=0 Len=0               25
Len=0
click to hide/show revision 4
None

updated 2021-08-25 13:08:10 +0000

grahamb gravatar image

TCP Retransmissions- anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

A text dump of the traffic:

16246  2018-08-05 17:53:44.634509  10.88.222.194  91.429.42.299  TCP        66  58429 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
16247  2018-08-05 17:53:44.643647  91.429.42.299  10.88.222.194  TCP        66  25 → 58429 [SYN, ACK, ECN] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=512
16248  2018-08-05 17:53:44.643685  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=1 Ack=1 Win=262656 Len=0
16249  2018-08-05 17:53:44.653433  91.429.42.299  10.88.222.194  SMTP      121  S: 220 eu-smtp-1.media.com ESMTP; Mon, 23 Aug 2021 18:53:36 +0100
16250  2018-08-05 17:53:44.653495  10.88.222.194  91.429.42.299  SMTP       76  C: EHLO [10.57.254.194]
16254  2018-08-05 17:53:44.662233  91.429.42.299  10.88.222.194  TCP        60  25 → 58429 [ACK] Seq=68 Ack=23 Win=29696 Len=0
16255  2018-08-05 17:53:44.662251  91.429.42.299  10.88.222.194  SMTP      150  S: 250-eu-smtp-1.media.com Hello [212.219.240.8] | AUTH PLAIN LOGIN | STARTTLS | HELP
16256  2018-08-05 17:53:44.662306  10.88.222.194  91.429.42.299  SMTP       64  C: STARTTLS
16257  2018-08-05 17:53:44.671116  91.429.42.299  10.88.222.194  SMTP      102  S: 220 Starting TLS [97eg9r4sO8GPfKR_153R9g.uk11]
16258  2018-08-05 17:53:44.671790  10.88.222.194  91.429.42.299  TLSv1.2   292  Client Hello
16260  2018-08-05 17:53:44.682209  91.429.42.299  10.88.222.194  TLSv1.2   144  Server Hello
16261  2018-08-05 17:53:44.682241  91.429.42.299  10.88.222.194  TCP      1514  25 → 58429 [ACK] Seq=302 Ack=271 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
16262  2018-08-05 17:53:44.682256  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=271 Ack=1762 Win=262656 Len=0
16263  2018-08-05 17:53:44.684164  91.429.42.299  10.88.222.194  TLSv1.2  1514  Certificate [TCP segment of a reassembled PDU]
16266  2018-08-05 17:53:44.691546  91.429.42.299  10.88.222.194  TLSv1.2   340  Server Key Exchange, Server Hello Done
16267  2018-08-05 17:53:44.691574  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=271 Ack=3508 Win=262656 Len=0
16270  2018-08-05 17:53:44.693367  10.88.222.194  91.429.42.299  TLSv1.2   180  Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
16273  2018-08-05 17:53:44.704106  91.429.42.299  10.88.222.194  TLSv1.2    60  Change Cipher Spec
16277  2018-08-05 17:53:44.765135  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=397 Ack=3514 Win=262656 Len=0
16278  2018-08-05 17:53:44.773937  91.429.42.299  10.88.222.194  TLSv1.2    99  Encrypted Handshake Message
16287  2018-08-05 17:53:44.827641  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=397 Ack=3559 Win=262656 Len=0
25392  2018-08-05 17:54:44.759363  91.429.42.299  10.88.222.194  TLSv1.2    85  Encrypted Alert
25393  2018-08-05 17:54:44.759395  91.429.42.299  10.88.222.194  TCP        60  25 → 58429 [FIN, ACK] Seq=3590 Ack=397 Win=30720 Len=0
25394  2018-08-05 17:54:44.759412  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=397 Ack=3591 Win=262656 Len=0
30990  2018-08-05 17:55:35.844355  10.88.222.194  91.429.42.299  TLSv1.2   105  Application Data
30991  2018-08-05 17:55:35.845340  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [FIN, ACK] Seq=448 Ack=3591 Win=262656 Len=0
31020  2018-08-05 17:55:36.074103  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31060  2018-08-05 17:55:36.386600  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31107  2018-08-05 17:55:36.995959  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31251  2018-08-05 17:55:38.205279  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31546  2018-08-05 17:55:40.617346  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
32078  2018-08-05 17:55:45.418450  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
32725  2018-08-05 17:55:55.025839  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [RST, ACK, CWR] Seq=449 Ack=3591 Win=0 Len=0
click to hide/show revision 5
retagged

updated 2021-08-25 13:08:41 +0000

grahamb gravatar image

TCP Retransmissions- anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

A text dump of the traffic:

16246  2018-08-05 17:53:44.634509  10.88.222.194  91.429.42.299  TCP        66  58429 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
16247  2018-08-05 17:53:44.643647  91.429.42.299  10.88.222.194  TCP        66  25 → 58429 [SYN, ACK, ECN] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=512
16248  2018-08-05 17:53:44.643685  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=1 Ack=1 Win=262656 Len=0
16249  2018-08-05 17:53:44.653433  91.429.42.299  10.88.222.194  SMTP      121  S: 220 eu-smtp-1.media.com ESMTP; Mon, 23 Aug 2021 18:53:36 +0100
16250  2018-08-05 17:53:44.653495  10.88.222.194  91.429.42.299  SMTP       76  C: EHLO [10.57.254.194]
16254  2018-08-05 17:53:44.662233  91.429.42.299  10.88.222.194  TCP        60  25 → 58429 [ACK] Seq=68 Ack=23 Win=29696 Len=0
16255  2018-08-05 17:53:44.662251  91.429.42.299  10.88.222.194  SMTP      150  S: 250-eu-smtp-1.media.com Hello [212.219.240.8] | AUTH PLAIN LOGIN | STARTTLS | HELP
16256  2018-08-05 17:53:44.662306  10.88.222.194  91.429.42.299  SMTP       64  C: STARTTLS
16257  2018-08-05 17:53:44.671116  91.429.42.299  10.88.222.194  SMTP      102  S: 220 Starting TLS [97eg9r4sO8GPfKR_153R9g.uk11]
16258  2018-08-05 17:53:44.671790  10.88.222.194  91.429.42.299  TLSv1.2   292  Client Hello
16260  2018-08-05 17:53:44.682209  91.429.42.299  10.88.222.194  TLSv1.2   144  Server Hello
16261  2018-08-05 17:53:44.682241  91.429.42.299  10.88.222.194  TCP      1514  25 → 58429 [ACK] Seq=302 Ack=271 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
16262  2018-08-05 17:53:44.682256  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=271 Ack=1762 Win=262656 Len=0
16263  2018-08-05 17:53:44.684164  91.429.42.299  10.88.222.194  TLSv1.2  1514  Certificate [TCP segment of a reassembled PDU]
16266  2018-08-05 17:53:44.691546  91.429.42.299  10.88.222.194  TLSv1.2   340  Server Key Exchange, Server Hello Done
16267  2018-08-05 17:53:44.691574  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=271 Ack=3508 Win=262656 Len=0
16270  2018-08-05 17:53:44.693367  10.88.222.194  91.429.42.299  TLSv1.2   180  Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
16273  2018-08-05 17:53:44.704106  91.429.42.299  10.88.222.194  TLSv1.2    60  Change Cipher Spec
16277  2018-08-05 17:53:44.765135  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=397 Ack=3514 Win=262656 Len=0
16278  2018-08-05 17:53:44.773937  91.429.42.299  10.88.222.194  TLSv1.2    99  Encrypted Handshake Message
16287  2018-08-05 17:53:44.827641  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=397 Ack=3559 Win=262656 Len=0
25392  2018-08-05 17:54:44.759363  91.429.42.299  10.88.222.194  TLSv1.2    85  Encrypted Alert
25393  2018-08-05 17:54:44.759395  91.429.42.299  10.88.222.194  TCP        60  25 → 58429 [FIN, ACK] Seq=3590 Ack=397 Win=30720 Len=0
25394  2018-08-05 17:54:44.759412  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=397 Ack=3591 Win=262656 Len=0
30990  2018-08-05 17:55:35.844355  10.88.222.194  91.429.42.299  TLSv1.2   105  Application Data
30991  2018-08-05 17:55:35.845340  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [FIN, ACK] Seq=448 Ack=3591 Win=262656 Len=0
31020  2018-08-05 17:55:36.074103  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31060  2018-08-05 17:55:36.386600  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31107  2018-08-05 17:55:36.995959  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31251  2018-08-05 17:55:38.205279  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31546  2018-08-05 17:55:40.617346  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
32078  2018-08-05 17:55:45.418450  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
32725  2018-08-05 17:55:55.025839  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [RST, ACK, CWR] Seq=449 Ack=3591 Win=0 Len=0
click to hide/show revision 6
retagged

updated 2021-08-25 13:08:42 +0000

grahamb gravatar image

TCP Retransmissions- anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

anyone know possible causes after tls 1.2 change it reports retransmission and file does go out- this is with an external email relay?

A text dump of the traffic:

16246  2018-08-05 17:53:44.634509  10.88.222.194  91.429.42.299  TCP        66  58429 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
16247  2018-08-05 17:53:44.643647  91.429.42.299  10.88.222.194  TCP        66  25 → 58429 [SYN, ACK, ECN] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=512
16248  2018-08-05 17:53:44.643685  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=1 Ack=1 Win=262656 Len=0
16249  2018-08-05 17:53:44.653433  91.429.42.299  10.88.222.194  SMTP      121  S: 220 eu-smtp-1.media.com ESMTP; Mon, 23 Aug 2021 18:53:36 +0100
16250  2018-08-05 17:53:44.653495  10.88.222.194  91.429.42.299  SMTP       76  C: EHLO [10.57.254.194]
16254  2018-08-05 17:53:44.662233  91.429.42.299  10.88.222.194  TCP        60  25 → 58429 [ACK] Seq=68 Ack=23 Win=29696 Len=0
16255  2018-08-05 17:53:44.662251  91.429.42.299  10.88.222.194  SMTP      150  S: 250-eu-smtp-1.media.com Hello [212.219.240.8] | AUTH PLAIN LOGIN | STARTTLS | HELP
16256  2018-08-05 17:53:44.662306  10.88.222.194  91.429.42.299  SMTP       64  C: STARTTLS
16257  2018-08-05 17:53:44.671116  91.429.42.299  10.88.222.194  SMTP      102  S: 220 Starting TLS [97eg9r4sO8GPfKR_153R9g.uk11]
16258  2018-08-05 17:53:44.671790  10.88.222.194  91.429.42.299  TLSv1.2   292  Client Hello
16260  2018-08-05 17:53:44.682209  91.429.42.299  10.88.222.194  TLSv1.2   144  Server Hello
16261  2018-08-05 17:53:44.682241  91.429.42.299  10.88.222.194  TCP      1514  25 → 58429 [ACK] Seq=302 Ack=271 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
16262  2018-08-05 17:53:44.682256  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=271 Ack=1762 Win=262656 Len=0
16263  2018-08-05 17:53:44.684164  91.429.42.299  10.88.222.194  TLSv1.2  1514  Certificate [TCP segment of a reassembled PDU]
16266  2018-08-05 17:53:44.691546  91.429.42.299  10.88.222.194  TLSv1.2   340  Server Key Exchange, Server Hello Done
16267  2018-08-05 17:53:44.691574  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=271 Ack=3508 Win=262656 Len=0
16270  2018-08-05 17:53:44.693367  10.88.222.194  91.429.42.299  TLSv1.2   180  Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
16273  2018-08-05 17:53:44.704106  91.429.42.299  10.88.222.194  TLSv1.2    60  Change Cipher Spec
16277  2018-08-05 17:53:44.765135  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=397 Ack=3514 Win=262656 Len=0
16278  2018-08-05 17:53:44.773937  91.429.42.299  10.88.222.194  TLSv1.2    99  Encrypted Handshake Message
16287  2018-08-05 17:53:44.827641  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=397 Ack=3559 Win=262656 Len=0
25392  2018-08-05 17:54:44.759363  91.429.42.299  10.88.222.194  TLSv1.2    85  Encrypted Alert
25393  2018-08-05 17:54:44.759395  91.429.42.299  10.88.222.194  TCP        60  25 → 58429 [FIN, ACK] Seq=3590 Ack=397 Win=30720 Len=0
25394  2018-08-05 17:54:44.759412  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [ACK] Seq=397 Ack=3591 Win=262656 Len=0
30990  2018-08-05 17:55:35.844355  10.88.222.194  91.429.42.299  TLSv1.2   105  Application Data
30991  2018-08-05 17:55:35.845340  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [FIN, ACK] Seq=448 Ack=3591 Win=262656 Len=0
31020  2018-08-05 17:55:36.074103  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31060  2018-08-05 17:55:36.386600  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31107  2018-08-05 17:55:36.995959  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31251  2018-08-05 17:55:38.205279  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
31546  2018-08-05 17:55:40.617346  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
32078  2018-08-05 17:55:45.418450  10.88.222.194  91.429.42.299  TCP       105  [TCP Retransmission] 58429 → 25 [FIN, PSH, ACK] Seq=397 Ack=3591 Win=262656 Len=51
32725  2018-08-05 17:55:55.025839  10.88.222.194  91.429.42.299  TCP        54  58429 → 25 [RST, ACK, CWR] Seq=449 Ack=3591 Win=0 Len=0