Wireshark · Wireshark-users: [Wireshark-users] TCP Retransmission question

Wireshark-users: [Wireshark-users] TCP Retransmission question

From: Thomas Anderson <t.dt.aanderson@xxxxxxxxx>

Date: Tue, 21 Jun 2011 15:46:57 +0800

I have two virtual machines running on virtualbox whose os is debian.
Currently my connection using ssh from A(xxx.xxx.xxx.111) to
B(xxx.xxx.xxx.112) sometimes suffers the connection timeout. So I use
wireshark (with filter `host xxx.xxx.xxx.112') to check the underlying
network packets and notice sometimes it seems the ssh will do TCP
retransmission as below:

xxx.xxx.xxx.112	68.168.113.155	SSH	[TCP Retransmission] Encrypted
response packet len=35
68.168.113.155	xxx.xxx.xxx.112	TCP	[TCP Previous segment lost] 33514 >
ssh [ACK] Seq=21 Ack=36 Win=5888 Len=0 TSV=3950744190 TSER=4316095
SLE=1 SRE=36
68.168.113.155	xxx.xxx.xxx.112	SSHv2	[TCP Retransmission] Client
Protocol: SSH-2.0-libssh-0.1\r

However, the ip address started with 68 is not any machine I know of.
Does it mean my ssh may be compromised? Or what key word I can filter
to find out the root cause (that ssh connection timeout)?

Thanks.

Follow-Ups:
- Re: [Wireshark-users] TCP Retransmission question
  - From: ronnie sahlberg
- Re: [Wireshark-users] TCP Retransmission question
  - From: Shain Singh

Prev by Date: Re: [Wireshark-users] Speed Test using wireshark
Next by Date: Re: [Wireshark-users] TCP Retransmission question
Previous by thread: Re: [Wireshark-users] Speed Test using wireshark
Next by thread: Re: [Wireshark-users] TCP Retransmission question
Index(es):
- Date
- Thread