Ask Your Question

Revision history [back]

The initial TCP handshake didn't take place correctly. Frame 2336 (ACK to SYN/ACK) is lost in the network, since there is a retransmission of SYN/ACK in frame 3530 (9 seconds later !). Firewall rules should not be the problem since the transaction eventually finish.

It could be caused by congested network or overloaded system (router/firewall, server) since the rest of transaction takes place normally and is less than 1 seconds (Frame 5996 to 6077).

You should understand how you get that IP Address 10.2.4.147 (DNS, HTTP Redirect, ...) in the capture, since it is not the expected server. You should make a capture on that server (10.2.4.147) when the symptoms occur. Do you have the same symptoms when you get the expected server(s) ?