 | 1 | initial version |
Hi Andrew,
I opened the PCAP and took a look at TCP conversations and sorted by the number of packets.
You mentioned the ISP link being checked so I looked for a public IP with lots of traffic to or from 192.168.0.213.
I saw that host 192.168.0.213 is sending a lot of traffic to host 151.101.2.29 (a public IP) so I focused on this stream.
Use this filter to see the stream tcp.stream eq 13
I don't see a lot of malformed HTTP: 90 overall and none for this stream.
"Expert Information" is a good place to look for issues but most items listed in red or yellow need to be investigated to make sure they are real issues.
Now I do see an odd behaviour on host 192.168.0.213 where it sends _two copies_ of most (all?) segments.
This is why there are so many TCP Retransmission, TCP Dup ACK and TCP Out-of-Order
Take the first few packets:
Host 192.168.0.213 sends a segment to host 151.101.2.29 (frame 1855) and then the same segment (frame 1856) again after 0,01 ms. (That's 0.01 milliseconds!)
Host 192.168.0.213 is even sending duplicate ACK to host 151.101.2.29. See frame 1988 and then 1990 seen only 0.006 ms after.
Now this could be a real issue with the host or it could be an issue with your capture.
There is a possibility duplicate packets are caused by defective hardware.
Not sure how you took this capture but I would try to move the capture point "elsewhere" to see if the issue persists.
If it does then I would try to run the Livestream on another host.
Hope this helps.
Cheers,
Spooky
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
