TCP Retransmission after SYN, ACK
Hello Wireshark Experts,
I have a Problem where the TCP Connection to a Server is interrupted in short times. I see the Syn the Syn,ACK and after Syn, Ack I see a TCP Retransmission of the SYN Flag 2 times and after the 2nd SYN Retransmission I see SYN,ACK Retransmission. After that the TCP Traffic sometimes "flows" again and sometimes it ends with a RST Flag sent from the Client. Sometimes the Client sends the RST Flag after 2 TCP SYN Retransmissions from Client are received and 2 TCP SYN,ACK Retransmissions are sent from the Server.
Here you can see an example capture of the server trace.
edited: I think now that the first Syn, Ack Flag never made it to the Client. I see this most of the time during 3 Way Handshake. Can someone explain what could cause this behaviour?
In the middle of some TCP Streams I also see multiple RST,ACKs from the same source IP 192.168.0.1 with different TTL Values. 1st RST,ACK TTL 61 2nd to 9th RST,ACK TTL 126 and last RST,ACK TTL of 125
Where was the capture made - client, server, other?
the capture was made on the server
Can you provide a capture file for the frames in the picture? Makes it easier than typing in the data for a response.
The additional comment about TTL and the symptoms of the connection - have you ruled out duplicate IP addresses?
Here you can see the anonymized tracefile: Trace File 192.168.0.10 is the Client and 192.168.10.56 is the Server. The Tracefile was captured on the server.
Can you make a capture at the client?
- The server didn't send any RST packets, did the client receive any?
- Are the RST packets the server is receiving being sent from the client?