This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

HTTPS downloads dropping - multiple errors in Wireshark

Been troubleshooting this bizarre issue - we have a dedicated server running 2 VMs and only 1 IP address to share between them on the NIC. We set up RRAS on the host (2012R2) and had the 2 VMs behind a NAT. The strange thing is that we saw corruption of Exchange email attachments and HTTPS downloads would fail within the first megabyte on both the VMs. However, if you tried to download a file via HTTPS on the host it would work fine. Additionally, the failure seems to correlate with the speed of the server - a slow HTTPS download on the VM (less than 50KB/sec) would not fail but a fast download would (anything above 75KB/sec).

We have since reconfigured this setup and made one of the VMs internet-facing, disabled RRAS on the host (we have console access via hardware), and then set up RRAS on the internet-facing VM and got the second VM to NAT through that.

We now see that the internet-facing VM can download files via HTTPS without issue, but the second VM still cannot.

I ran Wireshark and see the following (indicative):

screenshot

Any input? Thanks! :)

asked 24 Jun '15, 10:09

Mindsphere

edited 24 Jun '15, 14:30

Lekensteyn

Can you share a capture in a publicly accessible spot, e.g. CloudShark, Google Drive, Dropbox?

Otherwise, I can only tell you, without guessing, that there are frames which have a purple background and others which have a black background.

(24 Jun '15, 11:20) Christian_R

OK, there is really not much that I can see in these screenshots. But I will try:

Picture 1 (03.02:18 AM): I can see Out of Order packets only with source IP .243.189 and some Dup-ACKs (which are probably D-SACKs). Timing seems to be O.K.

Picture 2 (3.02:27): I can still see Out of Order packets, probably packet loss, no ACKs, and in the end the IP .10.2 gives up with an RST. And there is a gap between packet 1876 and 2025.

So the question is what mixes up the packets, where the packet loss occurred, and how many hops are between these hosts. Maybe there are different ways through the network? So the whole trace would still be better.

(25 Jun '15, 12:46) Christian_R