Hi, I`m trying to find out what is causing intermittent RDP reconnects on our network. We connect via a RDP gateway proxy (which runs over HTTS / port 443). We reach the server via internet. It is not hosted in our LAN. I notice some 'TCP Previous segment not captured' followed by TCK ACKed unsem segment. I captured all traffic going to the RDP gateway using our PFsense router. From what I read, these notices are nothing to worry about. I`m a bit stuck, because I cant find any other hints in the packet capture. Therefore I uploaded a snippet of my packetcapture. Can you guys make anything out of this? All 'black entries' display the same notifications. There are no different ones, like retransmissions, etc. asked 22 Sep '16, 15:28  jortie2 edited 22 Sep '16, 15:32 |
One Answer:
Your capture doesn't show anything special - the two symptoms "segment not captured" and "ACKed unseen segment" are clear signs of insufficient capture performance, meaning that packets weren't captured because the device doing the capture was too slow to grab them all. There is also no session start or end in the capture. What you need to check is the end of the connection - you should see a FIN/ACK - FIN/ACK sequence, or a RST (reset) packet. The one sending the first FIN or RST is the one tearing down the connection. If you can, post a better capture with the teardown packets. answered 25 Sep '16, 05:45  Jasper ♦♦ |
