TCP DUP ACK and TCP Spurious Transmissions

asked 2018-02-12 20:16:27 +0000

Serch4 gravatar image

updated 2018-02-12 20:20:58 +0000

can someone please analyze this pcap file and tell me why in the world there are so many TCP DUP and Spurious transmissions.

I think due to packet loss...

Christian_R gravatar imageChristian_R ( 2018-02-16 21:39:51 +0000 )edit

Could this all be caused because I am sniffing a hub?

Serch4 gravatar imageSerch4 ( 2018-02-22 14:22:36 +0000 )edit

answered 2021-08-26 13:55:34 +0000

Hey Wireshark People!!

We have a PC onsite that send OPC DA data over our network back to a windows box at our main site. The meraki S2S vpn is looking healthy and other devices onsite are working fine. Windows\mapped drives etc

The data is reported to a scada dashboard that give the enginees an easy to use system to monitor the engines . This connection keeps dropping. The meraki is working fine. no link flaps. VPN disconnects / reconnects. (ping path ping and Nmap connect from the server to the machine) I believe this issue is the machine. I can ping it ok and can vnc to it but is very slow i mean antiquated. its a Win 2k box!!

From the wireshark file we are seeing alot of Dup ack and re-transmissons 119 34.917119 TCP 1446 [TCP Retransmission] 38080 → 26254 [ACK] Seq=359 Ack=3831 Win=65535 Len=1392 124 43.729276 TCP 1446 [TCP Retransmission] 38080 → 26254 [ACK] Seq=359 Ack=3859 Win=65507 Len=1392

I was wondering if you guys could give any insight as to what this could be

The pc onsite is connect to the meraki via a HP Procurve. This has no Vlans so a flat network. Tomorrow i am going to check the procurve interface to see if there are any runts, collision errors, fcs errors etc

Any assistance you could give i would be very grateful!


Daniel Schindler

Jack of all trades and eternal Optimist

Asked: 2018-02-12 20:16:27 +0000

Seen: 497 times

Last updated: Feb 12 '18