This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Malformed Packet, Spurious Retransmissions, Duplicate and RST

0

I am analyzing LAN network traffic. While capturing traffic I found some problems, given below:

  1. Malformed Packet (Exception occurred)
  2. Connection Reset RST
  3. Retransmission (suspected)
  4. Spurious Retransmissions
  5. Duplicate Acknowledgement ACK

Can anyone tell me what is the actual reason behind this problem? Here is a link to the capture file: https://drive.google.com/file/d/0B8asXfpLSWu5WXk2TmJNX0pWakE/view?usp=sharing

asked 11 Feb '15, 13:37


mohdaftab93

edited 11 Feb '15, 14:35


2 Answers:

0

Can anyone tell me what is the actual reason behind this problem.

Unfortunately nobody will be able to tell you the reason for those messages in Wireshark, because it could be caused by:

  • a problem with your client, like a driver problem, hardware defect, etc.
  • a problem with the server (same as client)
  • a problem in your network, which is causing packet loss, like overloaded switches, routers, firewalls, etc. or even broken devices
  • a problem with your capturing setup, so that you were unable to capture all frames that have been on the link, like oversubscribing the port mirroring, a defect of your capturing NIC, etc.

What we can do is take a look at the capture file. Maybe there are other signs in that file. If you would like to do that, please post the capture file somewhere (Google Drive, Dropbox, cloudshark.org) and post the link here.

++ UPDATE ++

The capture file you posted looks totally normal. Occasional loss of packets is absolutely normal in any network, which will cause the messages in Wireshark you mentioned. So, no reason to worry.

Regards
Kurt

answered 11 Feb '15, 14:21


Kurt Knochner ♦

edited 11 Feb '15, 14:45

(11 Feb '15, 15:05) mohdaftab93

I already looked at the file. See my ++UPDATE++

(11 Feb '15, 15:07) Kurt Knochner ♦

0
  1. Malformed packet means that the packet cannot be successfully dissected by Wireshark. It can be a code issue, or that the packet holds unexpected bytes, or is too short, or is damaged
  2. Connection Reset is a packet that ends a TCP connection. Either after it was successful, or when there is a fatal problem. In most situations, it's just the end of a successful connection these days
  3. Retransmission is TCP segment data that is sent again as a replacement for a lost segment
  4. Spurious retransmission -> see https://blog.packet-foo.com/2013/06/spurious-retransmissions/
  5. Duplicate ACKs occur when segments are lost. It is an indicator with which the receiver tells the sender that something is missing

Without the packets it's hard to say if you have a problem, or just normal or noncritical behavior.

answered 11 Feb '15, 14:22


Jasper ♦♦

(11 Feb '15, 15:03) mohdaftab93
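
To make items 2 to 5 of the list in the second answer concrete, here is an added example (not part of the original thread and not Wireshark's own code) that labels segments with simplified versions of those indicators by tracking sequence and ACK numbers per direction. The `Seg` record, the `analyze` function and the sample trace are assumptions constructed for illustration; SYN/FIN sequence consumption, keepalives and sequence wraparound are ignored.

```python
from collections import namedtuple

# One TCP segment as seen at the capture point (relative sequence numbers).
Seg = namedtuple("Seg", "direction seq length ack win flags")

def analyze(segments):
    """Label segments with simplified versions of the indicators discussed above."""
    state = {d: {"next_seq": None, "last_ack": None, "last_win": None}
             for d in ("A>B", "B>A")}
    labels = []
    for s in segments:
        fwd = state[s.direction]
        rev = state["B>A" if s.direction == "A>B" else "A>B"]
        label = "ok"
        if "R" in s.flags:
            label = "reset"
        elif s.length > 0 and fwd["next_seq"] is not None and s.seq < fwd["next_seq"]:
            # Bytes this sender already put on the wire. If the peer has already
            # acknowledged all of them, the resend was unnecessary (spurious).
            acked = rev["last_ack"] is not None and s.seq + s.length <= rev["last_ack"]
            label = "spurious retransmission" if acked else "retransmission"
        elif (s.length == 0 and "A" in s.flags and not set("SF") & set(s.flags)
              and s.ack == fwd["last_ack"] and s.win == fwd["last_win"]
              and rev["next_seq"] is not None and rev["next_seq"] > s.ack):
            # Same ACK and window repeated while the peer has sent data beyond it:
            # the receiver is signalling that a segment is missing.
            label = "duplicate ack"
        labels.append(label)
        fwd["next_seq"] = max(fwd["next_seq"] or 0, s.seq + s.length)
        if "A" in s.flags:
            fwd["last_ack"], fwd["last_win"] = s.ack, s.win
    return labels

# Constructed sample: host A sends 400 bytes, the segment carrying bytes 101-200
# is lost after the capture point, and A later resends data B already acknowledged.
SAMPLE = [
    Seg("A>B", 1, 100, 1, 1000, "PA"),
    Seg("B>A", 1, 0, 101, 500, "A"),
    Seg("A>B", 101, 100, 1, 1000, "PA"),   # lost downstream of the capture point
    Seg("A>B", 201, 100, 1, 1000, "PA"),
    Seg("A>B", 301, 100, 1, 1000, "PA"),
    Seg("B>A", 1, 0, 101, 500, "A"),       # B still wants byte 101
    Seg("B>A", 1, 0, 101, 500, "A"),
    Seg("A>B", 101, 100, 1, 1000, "PA"),   # A fills the gap
    Seg("B>A", 1, 0, 401, 500, "A"),       # everything up to 400 acknowledged
    Seg("A>B", 301, 100, 1, 1000, "PA"),   # resent although already acknowledged
    Seg("A>B", 401, 0, 1, 1000, "RA"),
]
```

Calling `analyze(SAMPLE)` returns one label per segment in capture order. A single lost segment is enough to produce the duplicate ACK and retransmission labels, which matches the first answer's point that occasional loss triggers these messages.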