Wireshark Logs, showing Network session reuses previously negotiated keys (Session resumption

asked 2022-06-10 10:38:51 +0000

Morning All,

I am working on a project:

Windows Server 2019 (Citrix)

My Application Heart Beat (Keep Alive) drops at random on Multiple Machines without warning. The Application HB is designed to re attempt the keep Alive every 30 seconds for 7 attempts and if not permitted to go through closes the Web Socket.

In Wireshark Logs the Network team advised they are seeing 4 things:

1) In the first visible frame of keepmealive.com we detect a resumption of the session

Frame 3476: Connect keepmealive.com Frame 3490: keepmealive.XXX.com (needed) [This session reuses previously negotiated keys (Session resumption)]

2) On the next frame this does not happen. I assume that the connection was disconnected and had to be renegotiated here, but why?

3) We see user-agent info for Windows Server 2012 system? The user agent is not from Windows Server 2019 and is running in IE 7 compatibility mode. Is this the way it is supposed to be?

4) “Milliseconds have passed since the SYN at X.X.X.A to the FIN at X.X.X.B

But the server's response to the FIN comes "only" at X.X.X.A. Your aggressively set timer in the IP stack thought that was too long, so it sends a retransmit already at 10 ms.

So my Question is: Wireshark Logs can I see why re-transmission takes place & is there a way to see why the FIN is set to Aggressively in my Environment

edit retag flag offensive close merge delete