Wireshark-users: Re: [Wireshark-users] [This frame is a (suspected) retrasmission]
Date: Sat, 10 Jan 2009 17:39:39 +0100
Boaz Galil wrote:
From what I understand you are looking at a TCP socket – one of the nodes didn't get an acknowledgment for a segment so now you are observing retransmission.
If you provide the entire packet capture – maybe we can give more information about the possible RCA.
Thanks in advance,
Hi, the following is the entire packet:

No.     Time        Source                Destination           Protocol Info
     77 6.272751    192.168.1.2           213.239.204.205       TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 77 (1506 bytes on wire, 1506 bytes captured)
    Arrival Time: Jan 9, 2009 19:17:35.306192000
    [Time delta from previous captured frame: 0.117051000 seconds]
    [Time delta from previous displayed frame: 0.117051000 seconds]
    [Time since reference or first frame: 6.272751000 seconds]
    Frame Number: 77
    Frame Length: 1506 bytes
    Capture Length: 1506 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Apple_ba:30:0f (00:1c:b3:ba:30:0f), Dst: Industri_b4:30:8f (00:17:37:b4:30:8f)
    Destination: Industri_b4:30:8f (00:17:37:b4:30:8f)
        Address: Industri_b4:30:8f (00:17:37:b4:30:8f)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Apple_ba:30:0f (00:1c:b3:ba:30:0f)
        Address: Apple_ba:30:0f (00:1c:b3:ba:30:0f)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.2 (192.168.1.2), Dst: 213.239.204.205 (213.239.204.205)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 1492
    Identification: 0x3bf4 (15348)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x94c8 [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.1.2 (192.168.1.2)
    Destination: 213.239.204.205 (213.239.204.205)
Transmission Control Protocol, Src Port: 46985 (46985), Dst Port: http (80), Seq: 5761, Ack: 1, Len: 1440
    Source port: 46985 (46985)
    Destination port: http (80)
    Sequence number: 5761    (relative sequence number)
    [Next sequence number: 7201    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 5840 (scaled)
    Checksum: 0x8308 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 7689054, TSecr 3979016312
    [SEQ/ACK analysis]
        [TCP Analysis Flags]
            [This frame is a (suspected) retransmission]
            [The RTO for this segment was: 3.838753000 seconds]
            [RTO based on delta from frame: 39]
    TCP segment data (1440 bytes)

I removed the byte packet because I have the same problem to send "big" email.
Thx a lot for any hint.
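
Added example (not part of the original message and not Wireshark's own code): a simplified version of the check behind the "[This frame is a (suspected) retransmission]" and RTO fields in the dump above. Frame 77's time, sequence number and length, and the reference to frame 39, are taken from the dump; every other frame and timestamp is constructed, and the heuristic (payload starting below the highest next-sequence number already seen in that direction) is an assumption that ignores keep-alives, out-of-order segments and fast retransmits.

```python
from decimal import Decimal
from typing import NamedTuple


class Segment(NamedTuple):
    frame: int
    time: Decimal   # seconds since first frame
    src: str
    dst: str
    seq: int        # relative sequence number
    length: int     # TCP payload bytes


def find_retransmissions(segments):
    """Return (frame, based_on_frame, rto_seconds) per suspected retransmission."""
    # Per direction: (next_seq, frame, time) of the segment that last advanced next_seq.
    state = {}
    hits = []
    for s in segments:
        key = (s.src, s.dst)
        end = s.seq + s.length
        prev = state.get(key)
        # Data that starts below what was already sent has been sent before.
        if s.length > 0 and prev is not None and s.seq < prev[0]:
            hits.append((s.frame, prev[1], s.time - prev[2]))
        if prev is None or end > prev[0]:
            state[key] = (end, s.frame, s.time)
    return hits


CLIENT, SERVER = "192.168.1.2:46985", "213.239.204.205:80"

# Constructed capture summary; only frame 77 matches the values in the dump.
SAMPLE = [
    Segment(35, Decimal("2.431100"), CLIENT, SERVER, 1, 1440),
    Segment(36, Decimal("2.431900"), CLIENT, SERVER, 1441, 1440),
    Segment(37, Decimal("2.432600"), CLIENT, SERVER, 2881, 1440),
    Segment(38, Decimal("2.433300"), CLIENT, SERVER, 4321, 1440),
    Segment(39, Decimal("2.433998"), CLIENT, SERVER, 5761, 1440),
    Segment(40, Decimal("2.520000"), SERVER, CLIENT, 1, 0),   # bare ACK, other direction
    Segment(77, Decimal("6.272751"), CLIENT, SERVER, 5761, 1440),
]

if __name__ == "__main__":
    for frame, based_on, rto in find_retransmissions(SAMPLE):
        print(f"frame {frame}: suspected retransmission, "
              f"RTO {rto} s based on delta from frame {based_on}")
```

A multi-second gap like this one means the sender waited for its retransmission timer to expire, so the original segment or its ACK was lost somewhere on the path rather than merely delayed.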