Continuously observing [TCP Previous segment not captured] , Ignored Unknown Record
Recently, for a duration of 3 minutes, I observed that my device is sending [TCP Previous segment not captured] , Ignored Unknown Record gradually. There also seem to be other warning packets sent from the device, including TCP window full. The server responds to none of it. Is anyone able to find where exactly the issue is rooted? What is meant by ignored unknown record, window size full, encrypted heartbeat? Any help would be appreciated.
Below are the suspicious packets sent from the device end, as found in the Wireshark trace.
139295 2019-11-29 17:51:02.729328 0.000786 Client Server TLSv1.2 1434 [TCP Previous segment not captured] , Ignored Unknown Record
Encrypted Handshake Message, Ignored Unknown Record
[TCP Window Full] , Ignored Unknown Record
Encrypted Heartbeat, Ignored Unknown Record
Can you share the capture file on a public file share, e.g. Google Drive, DropBox etc. and post a link back here?
Extremely sorry, the capture is confidential as per the organizational policy. This happened in the sector where I'm working.
OK, but without the capture the answers will be very general.
Just a reason for these exceptions would help. Could you?
You might want to look into sanitization of capture files. If your problem is on layers 1-4 you can remove/change any detail to make it unrecognizable and still keep the problem situation intact, e.g. by using a tool like Tracewrangler. Look at this blog post for more information: https://blog.packet-foo.com/2016/11/t...