A brief breakdown of the server 2019 capture.
- Frame 8782, 192.168.158.70 sent a TCP packet with data to 192.168.158.20, seq 3932858573
- Frame 8783, 25ms later, 192.168.158.70 sent a TCP packet with data to 192.168.158.20, seq 3932858573.
- Frame 8784, 1ms later, 192.168.158.20, sent a ACK for frame 8783. It is for frame 8783, not 8784, because the ACK is 3932858821.
The 192.168.158.20 device responded to frame 8783 in 1ms. The issue is to identify why there wasn't a response to 8782 from 192.168.158.20.
Start with the following:
1. Capture at 192.168.158.70 device, to determine all the packets from 192.168.158.20 made it. If the packets are missing, then TAP the LAN side to determine why the packets are missing. You want to determine why packets from 192.168.158.20 to 192.168.158.70 are missing.
- If captures shows that 192.168.158.70 received the packets, then verify that 192.168.158.20 sent a response.
- If 192.168.158.70 is not responding, then troubleshoot that issue.
- If 192.168.158.70 is responding, then TAP the LAN side to determine why the packets are missing. You want to determine why packets from 192.168.158.70 to 192.168.158.20 are missing.
I hope this helps.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
