rst,ack after some tcp retrasmissions on a tls comms
Hi all, hope someone will be able to help me.
I have a random problem in client to server communication.
user is blaming that ( randomly ) they are not able to use a previoulsy working application. Sometimes they are not able to "change" the page they are brwowsing or just to input some values in a form. they have to wait approx 30 secs or so...or refresh the page.
network architecture is : Windows client connected via vpn IPSEC to an AWS Linux server that publish ssl application on port 8443
i've made a client ( wireshark...first screen ) and a server ( tcpdump second screen) capture and i've noticed something odd ( for me ).
it seem that when users are not able to "browse the page" i get some retrassmission at both client and server side ( attached ) and finally i get a rst/ack from client.
As per my understanding, it seem both client and server are not able to communicate eachother but the network seem stable because i've also runt a pingplotter that pools the destination server continuosly and i have no packet drop ( 3rd immage ) or interruptions. No latency ( 30ms average and no jitter ).
any idea what could cause the problem
files are visible at: https://mega.nz/file/jlJV0aIA#PJKvJnb...
as additional note...just noticed the same behaviour using ssh connection....several retrasmission than RST-ACK
the odd thing is that i had 2 ssh session from the same source pc....and i noticed that when one fail the other is still active...so it can't be a connection problem itself. it must be related to the single session.
any hit?
here the ssh capture
58 2020-06-03 17:48:27,324510 10.74.136.130 10.74.196.175 TCP 54 50487 → 22 [ACK] Seq=1687 Ack=3678 Win=65536 Len=0 CS0
59 2020-06-03 17:49:04,776656 10.74.136.130 10.74.196.175 SSHv2 106 Client: Encrypted packet (len=52) CS0
60 2020-06-03 17:49:05,070778 10.74.136.130 10.74.196.175 TCP 106 [TCP Retransmission] 50487 → 22 [PSH, ACK] Seq=1687 Ack=3678 Win=65536 Len=52 CS0
61 2020-06-03 17:49 ...(more)