Wireshark-users: [Wireshark-users] TCP Previous segment lost > connection lost (bank transaction)
From: Bart Greyson <sonofgrey@xxxxxxxxx>
Date: Wed, 8 Apr 2009 12:59:40 +0200
Hi all,

I'm troubleshooting a problem where sometimes (10%) a bank transaction fails to complete properly. It's a two-phase transaction: the pre-authorization always seems to complete fine, the post-authorization where the command is given to the bank to actually execute the payment sometimes fails due to a timeout it seems.

I installed Wireshark to see what is being sent back and forth between the PCCharge software (VeriFone) and the bank. It looks like a package got lost, but I'm new to this kind of deep debugging, so if someone can tell me what's happening here, that would be great!

When the transaction fails I get these messages:

8705    2009-04-07 20:24:27.689549    192.168.1.64    192.168.1.254    DNS    Standard query A sslgw1.53.com
8706    2009-04-07 20:24:27.753519    192.168.1.254    192.168.1.64    DNS    Standard query response A 64.57.146.209
8707    2009-04-07 20:24:27.754030    192.168.1.64    64.57.146.209    TCP    wg-netforce > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460
8708    2009-04-07 20:24:27.880279    64.57.146.209    192.168.1.64    TCP    https > wg-netforce [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1380
8709    2009-04-07 20:24:27.880315    192.168.1.64    64.57.146.209    TCP    wg-netforce > https [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
8710    2009-04-07 20:24:27.880605    192.168.1.64    64.57.146.209    SSL    Client Hello
8711    2009-04-07 20:24:28.020226    64.57.146.209    192.168.1.64    TCP    https > wg-netforce [ACK] Seq=1 Ack=103 Win=5840 Len=0
8712    2009-04-07 20:24:28.076990    64.57.146.209    192.168.1.64    SSLv3    Server Hello,
8713    2009-04-07 20:24:28.275328    192.168.1.64    64.57.146.209    TCP    wg-netforce > https [ACK] Seq=103 Ack=1361 Win=64175 [TCP CHECKSUM INCORRECT] Len=0
8714    2009-04-07 20:24:29.572468    64.57.146.209    192.168.1.64    SSLv3    Certificate
8715    2009-04-07 20:24:29.573152    192.168.1.64    64.57.146.209    SSLv3    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
8716    2009-04-07 20:24:29.721915    64.57.146.209    192.168.1.64    SSLv3    Change Cipher Spec, Encrypted Handshake Message
////////////// Here we send the pre-auth info to the bank (amount, account info,...)
8717    2009-04-07 20:24:29.723126    192.168.1.64    64.57.146.209    SSLv3    Application Data
8718    2009-04-07 20:24:29.924454    64.57.146.209    192.168.1.64    TCP    https > wg-netforce [ACK] Seq=2163 Ack=832 Win=6432 Len=0
////////////// Here we get a confirmation of succesful pre-auth and some reference numbers from the bank
8719    2009-04-07 20:24:31.438709    64.57.146.209    192.168.1.64    SSLv3    Application Data
8720    2009-04-07 20:24:31.472879    64.57.146.209    192.168.1.64    SSLv3    Application Data
8721    2009-04-07 20:24:31.472917    192.168.1.64    64.57.146.209    TCP    wg-netforce > https [ACK] Seq=832 Ack=2492 Win=65139 [TCP CHECKSUM INCORRECT] Len=0
8722    2009-04-07 20:24:48.807592    64.57.146.209    192.168.1.64    TCP    [TCP Previous segment lost] https > wg-netforce [FIN, ACK] Seq=2515 Ack=832 Win=6432 Len=0
8723    2009-04-07 20:24:48.807625    192.168.1.64    64.57.146.209    TCP    [TCP Dup ACK 8721#1] wg-netforce > https [ACK] Seq=832 Ack=2492 Win=65139 [TCP CHECKSUM INCORRECT] Len=0 SLE=2515 SRE=2516
8724    2009-04-07 20:24:49.897800    64.57.146.209    192.168.1.64    SSLv3    [TCP Retransmission] Encrypted Alert
8725    2009-04-07 20:24:49.897844    192.168.1.64    64.57.146.209    TCP    wg-netforce > https [ACK] Seq=832 Ack=2516 Win=65116 [TCP CHECKSUM INCORRECT] Len=0
8726    2009-04-07 20:25:05.595049    64.57.146.209    192.168.1.64    TCP    https > wg-netforce [RST, ACK] Seq=2516 Ack=832 Win=0 Len=0


Can anyone tell from these messages what went wrong and what might be the cause?

Thanks a lot!