How can I find out if I have too many TCP Retransmissions?
I am seeing a lot of TCP Retransmissions in my capture. How do I determine if I am getting too many?
It will not let me upload the image.
[TCP Retransmission] [TCP Port numbers reused] 65040 > 995 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
Echo (ping) request id=0x0001, seq=9897/43302, ttl=128 (reply in 1589)
Echo (ping) reply id=0x0001, seq=9897/43302, ttl=64 (request in 1588)
995 > 65040 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
[TCP Keep-Alive] 443 > 64991 [ACK] Seq=0 Ack=125 Win=29216 Len=0
[TCP Keep-Alive ACK] 64991 > 443 [ACK] Seq=125 Ack=1 Win=262656 Len=0
[TCP Retransmission] 80 > 64431 [FIN, ACK] Seq=1 Ack=2 Win=501 Len=0
[TCP ZeroWindow] 64431 > 80 [ACK] Seq=2 Ack=2 Win=0 Len=0
[TCP Retransmission] [TCP Port numbers reused] 65042 > 465 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
465 > 65042 [RST, ACK] Seq=1 Ack=1 Win=5840 Len=0
[TCP Retransmission] [TCP Port numbers reused] 65029 > 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
993 > 65029 [RST, ACK] Seq=1 Ack=1 Win=48 Len=0
[TCP Keep-Alive] 443 > 64946 [ACK] Seq=0 Ack=125 Win=29216 Len=0
[TCP Keep-Alive ACK] 64946 > 443 [ACK] Seq=125 Ack=1 Win=2097920 Len=0
[TCP Retransmission] [TCP Port numbers reused] 65047 > 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
993 > 65047 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
[TCP Retransmission] [TCP Port numbers reused] 65049 > 995 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
[TCP Retransmission] [TCP Port numbers reused] 65050 > 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
[TCP Retransmission] [TCP Port numbers reused] 65048 > 465 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
995 > 65049 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
993 > 65050 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
[TCP Retransmission] [TCP Port numbers reused] 65036 > 995 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
[TCP Retransmission] [TCP Port numbers reused] 65034 > 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
[TCP Retransmission] [TCP Port numbers reused] 65035 > 995 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=4 SACK_PERM=1
995 > 65036 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
995 > 65035 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
993 > 65034 [RST, ACK] Seq=1 Ack=1 Win=48 Len=0
465 > 65048 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
[TCP Retransmission] [TCP Port numbers reused] 65054 > ...
Hey, I'm in no way educated in this way, but recently I checked my IP through criminalip and found out that I have some open ports that shouldn't be, and an exploit DB, whatever that is, so I wanted to close these ports somehow. So I did what any uneducated person would do: I asked ChatGPT, and after some time it told me to download Wireshark and check it. I did it, and there were these TCP Retransmissions, a lot of them, like 70-90 or so in a short time period back to back, then a few, then none, and then again. I'm not sure what to do and I'm too deep now to try to do anything on my own. I apologize for my lack of knowledge and perhaps even not the best English, since it's not my native language. Can you please ...