Strange TCP behavior

asked 2020-06-16 19:11:33 +0000

rgomez

We've recently been dealing with a problem in the network that points to client issues, but unfortunately that is totally not possible, as if we switch from the corporate network and use the VPN GW instead (without using the Branch to DC path) it works every single time.

What I can see in the packet captures is that the client stops sending ACKs to the server after a certain interval in the transaction. The server sends ~500 packets after the last ACK we see from the client on the client capture. The server then waits 300ms (for ACKs) and starts retransmission based on the last ACK seen. After 3 retries it sends a reset. After a delay of ~30s the client sends the next ACK (after the last one) but with len=1 (window length).

Any ideas of what I should look for? This started when the WAN device was changed on both of the branches which have problems.



Have you captured the traffic on the client or on the server? Where is the server? Is it behind the new WAN device or in your LAN? Which packet does the client ACK after the delay of 30s? The last one that was sent from the server, or is it a retransmission of the client's last ACK? Does it happen for connections to this server only, or also to other servers? Could you provide us the capture?

Sounds like the client can't assign the 500 packets to the established connection.

JasMan (2020-06-19 13:22:31 +0000)