No ack with dropped packet on win2019 hosted as VMs
I got strange behavior for a certain packet used by the GPIO protocol: sometimes the destination server does not send an ACK for this request.
Both machines run Windows 2019 on VMware; they reside on the same subnet and communicate directly on layer 2.
The source ends the connection with RST,ACK,CWR after multiple PSH,ACK, despite the fact that on the destination server I captured the request being received.
What is odd is that it doesn't always happen; sometimes it just doesn't send the ACK, and for the same request. I checked Windows Firewall and it is allowed, and everything works perfectly until this happens. It also became clear that if this scenario happens, it happens as below:
1st request fails to ACK, 2nd request fails to ACK, 3rd request is successful.
Has anyone run into this situation? How can we get the root cause or diagnose something like that?
Thank you a lot.
source
Frame 15514: 326 bytes on wire (2608 bits), 326 bytes captured (2608 bits) on interface 0
Interface id: 0 (\Device\NPF_{6914DD91-9AD9-48FC-B356-EEEC44A87E5D})
Interface name: \Device\NPF_{6914DD91-9AD9-48FC-B356-EEEC44A87E5D}
Interface description: Ethernet0
Encapsulation type: Ethernet (1)
Arrival Time: Sep 5, 2023 10:08:01.124920000 Arab Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1693897681.124920000 seconds
[Time delta from previous captured frame: 0.001255000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 241.450188000 seconds]
Frame Number: 15514
Frame Length: 326 bytes (2608 bits)
Capture Length: 326 bytes (2608 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:giop]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_b6:17:1e (00:50:56:b6:17:1e), Dst: Vmware_b6:98:44 (00:50:56:b6:98:44)
Destination: Vmware_b6:98:44 (00:50:56:b6:98:44)
Address: Vmware_b6:98:44 (00:50:56:b6:98:44)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Vmware_b6:17:1e (00:50:56:b6:17:1e)
Address: Vmware_b6:17:1e (00:50:56:b6:17:1e)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.20.151.28, Dst: 10.20.151.21
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x02 (DSCP: CS0, ECN: ECT(0))
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..10 = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2)
Total Length: 312
Identification: 0xac55 (44117)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
Source: 10.20.151.28
Destination: 10.20.151.21
Transmission Control Protocol, Src Port: 61628, Dst Port: 5096, Seq: 1, Ack: 1, Len: 272
Source Port ...
Do you have the ability to upload the pcap? Reading this as text only is very, very hard.
Formatting frames "as code" helps a lot. A capture is the most useful but this is better than a screenshot.
Just 2 frames are not enough. Please share the whole communication as a pcap. Comparing only 1 frame is not helpful.