Wireshark-users: [Wireshark-users] TCP Previous segment lost > connection lost (bank transaction)
Hi all,
I'm troubleshooting a problem where sometimes (10%) a bank transaction fails to complete properly. It's a two-phase transaction: the pre-authorization always seems to complete fine, the post-authorization where the command is given to the bank to actually execute the payment sometimes fails due to a timeout it seems.
I installed Wireshark to see what is being sent back and forth between the PCCharge software (VeriFone) and the bank. It looks like a package got lost, but I'm new to this kind of deep debugging, so if someone can tell me what's happening here, that would be great!
When the transaction fails I get these messages:
8705 2009-04-07 20:24:27.689549 192.168.1.64 192.168.1.254 DNS Standard query A sslgw1.53.com
8706 2009-04-07 20:24:27.753519 192.168.1.254 192.168.1.64 DNS Standard query response A 64.57.146.209
8707 2009-04-07 20:24:27.754030 192.168.1.64 64.57.146.209 TCP wg-netforce > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
8708 2009-04-07 20:24:27.880279 64.57.146.209 192.168.1.64 TCP https > wg-netforce [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1380
8709 2009-04-07 20:24:27.880315 192.168.1.64 64.57.146.209 TCP wg-netforce > https [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
8710 2009-04-07 20:24:27.880605 192.168.1.64 64.57.146.209 SSL Client Hello
8711 2009-04-07 20:24:28.020226 64.57.146.209 192.168.1.64 TCP https > wg-netforce [ACK] Seq=1 Ack=103 Win=5840 Len=0
8712 2009-04-07 20:24:28.076990 64.57.146.209 192.168.1.64 SSLv3 Server Hello,
8713 2009-04-07 20:24:28.275328 192.168.1.64 64.57.146.209 TCP wg-netforce > https [ACK] Seq=103 Ack=1361 Win=64175 [TCP CHECKSUM INCORRECT] Len=0
8714 2009-04-07 20:24:29.572468 64.57.146.209 192.168.1.64 SSLv3 Certificate
8715 2009-04-07 20:24:29.573152 192.168.1.64 64.57.146.209 SSLv3 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
8716 2009-04-07 20:24:29.721915 64.57.146.209 192.168.1.64 SSLv3 Change Cipher Spec, Encrypted Handshake Message
////////////// Here we send the pre-auth info to the bank (amount, account info,...)
8717 2009-04-07 20:24:29.723126 192.168.1.64 64.57.146.209 SSLv3 Application Data
8718 2009-04-07 20:24:29.924454 64.57.146.209 192.168.1.64 TCP https > wg-netforce [ACK] Seq=2163 Ack=832 Win=6432 Len=0
////////////// Here we get a confirmation of successful pre-auth and some reference numbers from the bank
8719 2009-04-07 20:24:31.438709 64.57.146.209 192.168.1.64 SSLv3 Application Data
8720 2009-04-07 20:24:31.472879 64.57.146.209 192.168.1.64 SSLv3 Application Data
8721 2009-04-07 20:24:31.472917 192.168.1.64 64.57.146.209 TCP wg-netforce > https [ACK] Seq=832 Ack=2492 Win=65139 [TCP CHECKSUM INCORRECT] Len=0
8722 2009-04-07 20:24:48.807592 64.57.146.209 192.168.1.64 TCP [TCP Previous segment lost] https > wg-netforce [FIN, ACK] Seq=2515 Ack=832 Win=6432 Len=0
8723 2009-04-07 20:24:48.807625 192.168.1.64 64.57.146.209 TCP [TCP Dup ACK 8721#1] wg-netforce > https [ACK] Seq=832 Ack=2492 Win=65139 [TCP CHECKSUM INCORRECT] Len=0 SLE=2515 SRE=2516
8724 2009-04-07 20:24:49.897800 64.57.146.209 192.168.1.64 SSLv3 [TCP Retransmission] Encrypted Alert
8725 2009-04-07 20:24:49.897844 192.168.1.64 64.57.146.209 TCP wg-netforce > https [ACK] Seq=832 Ack=2516 Win=65116 [TCP CHECKSUM INCORRECT] Len=0
8726 2009-04-07 20:25:05.595049 64.57.146.209 192.168.1.64 TCP https > wg-netforce [RST, ACK] Seq=2516 Ack=832 Win=0 Len=0
Can anyone tell from these messages what went wrong and what might be the cause?
Thanks a lot!
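
An added example, not part of the original post: a Python script that reads the Wireshark summary lines for frames 8721-8726 above and reports long idle gaps and how many server bytes are missing ahead of a segment (the hole behind a "TCP Previous segment lost" flag). The function names and the 5-second idle threshold are assumptions; sequence numbers are Wireshark's relative ones, and wraparound is not handled.

```python
import re
from datetime import datetime

# Frames 8721-8726, summary lines copied from the capture in the post.
TRACE = """\
8721 2009-04-07 20:24:31.472917 192.168.1.64 64.57.146.209 TCP wg-netforce > https [ACK] Seq=832 Ack=2492 Win=65139 [TCP CHECKSUM INCORRECT] Len=0
8722 2009-04-07 20:24:48.807592 64.57.146.209 192.168.1.64 TCP [TCP Previous segment lost] https > wg-netforce [FIN, ACK] Seq=2515 Ack=832 Win=6432 Len=0
8723 2009-04-07 20:24:48.807625 192.168.1.64 64.57.146.209 TCP [TCP Dup ACK 8721#1] wg-netforce > https [ACK] Seq=832 Ack=2492 Win=65139 [TCP CHECKSUM INCORRECT] Len=0 SLE=2515 SRE=2516
8724 2009-04-07 20:24:49.897800 64.57.146.209 192.168.1.64 SSLv3 [TCP Retransmission] Encrypted Alert
8725 2009-04-07 20:24:49.897844 192.168.1.64 64.57.146.209 TCP wg-netforce > https [ACK] Seq=832 Ack=2516 Win=65116 [TCP CHECKSUM INCORRECT] Len=0
8726 2009-04-07 20:25:05.595049 64.57.146.209 192.168.1.64 TCP https > wg-netforce [RST, ACK] Seq=2516 Ack=832 Win=0 Len=0
""".splitlines()

LINE = re.compile(r"^(\d+) (\S+ \S+) (\S+) (\S+) (.*)$")

def field(info, key):
    """Return the integer after 'key=' in the Info column, or None."""
    m = re.search(rf"\b{key}=(\d+)", info)
    return int(m.group(1)) if m else None

def parse(line):
    """Split one summary line; return None for annotations or blank lines."""
    m = LINE.match(line)
    if not m:
        return None
    no, ts, src, dst, info = m.groups()
    return {"no": int(no), "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"),
            "src": src, "seq": field(info, "Seq"), "ack": field(info, "Ack")}

def analyze(lines, client, idle_threshold=5.0):
    """Report idle gaps and server segments that start past the client's last ACK."""
    findings, prev, acked = [], None, None
    for p in filter(None, map(parse, lines)):
        if prev:
            gap = (p["ts"] - prev["ts"]).total_seconds()
            if gap >= idle_threshold:
                findings.append(("idle", prev["no"], p["no"], round(gap, 2)))
        if p["src"] == client and p["ack"] is not None:
            acked = p["ack"]  # next server byte the client is waiting for
        elif p["src"] != client and None not in (p["seq"], acked) and p["seq"] > acked:
            findings.append(("hole", p["no"], acked, p["seq"] - acked))
        prev = p
    return findings

if __name__ == "__main__":
    for finding in analyze(TRACE, client="192.168.1.64"):
        print(finding)
```

Each "idle" tuple is (previous frame, next frame, seconds of silence); each "hole" tuple is (frame, last byte position the client acknowledged, bytes missing before that frame's sequence number).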