All Questions
71 questions
1
vote
0
answers
20
views
Data Size difference Between Client-Proxy and Proxy-Server Connections with CONNECT Proxy
I have a small setup which I have a wss server running on port 4433. I also have a client trying to access the wss server via a CONNECT proxy. My understanding of CONNECT proxy is that proxy will create ...
1
vote
0
answers
25
views
TCP SEQ or ACK do not increment despite non-zero LEN
My TCP downloads (git fetch, Chrome browser downloads, flatpak downloads) often fail to complete. When I look into the packets with Wireshark, I find that the connection ends in RST from the client.
...
0
votes
0
answers
164
views
TCP stream ends with retransmission of last FIN,ACK packet
The TCP network connection between an Haproxy server in TCP mode (.94) and Postfix (.137) randomly ends with the retransmission of last FIN,ACK packet from the Postfix server:
It only happens for ...
0
votes
1
answer
320
views
TCP CWND and RWND Mismatch
Currently I am doing some measurements (using iperf3, TCP-Tracepoints (for monitoring the Congestion-Window (CWND)) and tcpdump).
While altering the TCP-Window (RWND) Field (using a nf-hook kernel ...
0
votes
0
answers
105
views
TCP & Wireshark: Retransmission not working?
I traced a TCP connection in wireshark and try to understand how ACK'ing should work correctly.
As you can see in the picture at some point there's a packet missing from IPx.61. Wireshark tags this ...
1
vote
0
answers
79
views
TCP & Wireshark - Server not re-transmitting segments?
I am new to TCP-in-depth-analysis which I need for a current problem.
Connections:
Client = Host PC, Ubuntu 22.04.4 LTS (IP: ...60)
Switch (TL-SG1016D by tp-link, Gbit)
Server = Proprietary embedded ...
0
votes
1
answer
787
views
Proxmox host cannot reach guest: TCP client retransmitting instead of sending ACK after SYN/ACK
Setup: server (HTTP server on 80) on 192.168.1.20, clients on 192.168.1.17, 192.168.1.18
Client 192.168.1.17 can connect to the server fine (Wireshark capture on the client side attached)
1 0.000000 ...
0
votes
0
answers
587
views
REST requests to an API falls in timeout randomly
I developed a web app that communicate with an external API in REST. Most of the time I have no problem, but a few times (1 or 2 times a day) I have my request which is timed out although the ...
0
votes
1
answer
193
views
TCP packets being lost
I have some TCP packets being lost. I have monitored the interface with tcpdump pcap file - https://www.dropbox.com/s/7m3hr1b7065tenx/tcp.pcap?dl=0
I noticed that when I lose packets I only get 5 ...
0
votes
0
answers
222
views
How can I inspect everything that happens before a TCP handshake
On my local machine when I connect to a remote linux machine with netcat I can only see 3 related packets(the tcp handshake) in Wireshark.
I'm pretty sure there's more that happens before that(router -...
0
votes
0
answers
361
views
Difference between TCP Segment Data and Data on a Wireshark capture
I am trying to replicate some TCP communication that is sent from MongoDB and I have been able to replicate it byte by byte and it is still not being recognized.
The only difference I could find when ...
0
votes
0
answers
257
views
Bytes-in-flight higher than receiver window in frozen client connections
I am dealing with sort of a "ghost issue". We have an endpoint URL that some people can use at all times with no issues but others have a frozen connection on the client side (checked with ...
0
votes
0
answers
2k
views
How to find the symmetric key algorithm being used for a TLS connection in Wireshark?
I'm doing a TLS Wireshark lab and I can't find any information in Wireshark, the lab, or online how to find this answer:
What symmetric key cryptography algorithm is being used by the client and ...
0
votes
1
answer
1k
views
Where is the ACK to the packet in frame 76? [closed]
I am working through Kurose's book as part of a class and this particular exercise involves submitting a .txt file to the server and capturing this transfer and the server's response.
In one exercise ...
0
votes
1
answer
1k
views
How can I isolate a single TCP connection on Wireshark?
I just started using Wireshark for network troubleshooting purposes and I am a little confused about one thing. I requested a webpage and for the next 10s I monitored the data. I then used the filter ...
0
votes
1
answer
215
views
Can I determine a EWOULDBLOCK/EAGAIN situation from a pcap/tcpdump
Is there a way I can determine if a certain message resulted in an EWOULDBLOCK/EAGAIN return code to the server which sent the packet?
The server was sending messages to the client
At time 10,the ...
0
votes
0
answers
953
views
Postfix behind NAT
my network looks like this:
Internet <-> Gateway router(nat) <-> enp0s3 Linux enp0s8(NAT) <-> SMTP server
Without Linux NAT it works ok, but I need it.
When I try to send mail to ...
1
vote
0
answers
1k
views
TCP Window Size
Hoping someone can clarify a query I have in relation to TCP window size and whether it could be contributing to my slow throughput achieved via iPerf.
I took a Wireshark capture from a client while ...
0
votes
0
answers
635
views
HTTP webservice no response
We have some issues on a connection between 2 devices through ASP webservices. On Wireshark, we saw that the request arrives to the destination computer and the IIS sends the response, but the origin ...
0
votes
1
answer
2k
views
Decoding TCP packets as RTP in Wireshark
I'm troubleshooting a WebRTC video calling problem in my app and I'm using Wireshark.
One end of my video call is a web app running in my browser window and the other end is a Unity based app on an ...
0
votes
0
answers
234
views
AJAX POST fails - client sends RST response...why?
Problem
We have a web application that is used by many thousands of users. However, since the latter part of Jan 2020, a tiny fraction of clients (but still a significant number) have reported a ...
0
votes
1
answer
693
views
Are TCP RTO value and RTT value influenced by the packet size?
I am doing troubleshooting in my network.
I found some re-transmission by using wireshark.
The segment 1400 bytes are well transmitted but
The segment 800 bytes are lost and re-transmitted.
I know ...
2
votes
2
answers
1k
views
I have a loopback traffic in linux involving port 631 and I have no idea what is causing it
So I did some packet capturing in my networking and everything else is actually fine except for this weird communication where source and destination is literally 127.0.0.1, source port is 631, and ...
1
vote
0
answers
40
views
the strange value of SRE in a D-SACK packet
I'm troubleshooting a strange network issue in our production environment.
The dumped pcap file comes from the full NAT mode LVS, and the topology of the ip address in the dump file is:
172.19.132.90(...
0
votes
0
answers
2k
views
Unable to use VNC when connected to OpenVPN
When I try to VNC to a particular machine #1 (192.168.1.221) from within the network I am able to connect to it without issue. When I try to connect from outside the network from my OpenVPN VPN I am ...
2
votes
1
answer
8k
views
Why is my computer making unreachable ICMP requests to the gateway?
After playing around with the ICMP filter on wireshark, I noticed that my machine is making ICMP requests to the router regularly, which consistently fails:
I noticed that the subsequent ICMP ...
1
vote
0
answers
183
views
Server does not respond to SYN [duplicate]
When I launch an FTP transfer from a client machine, it fails because it cannot connect to the server.
With tcpdump I can see that the client sends a SYN to the server, and I can also see that the ...
0
votes
1
answer
1k
views
How to turn an ethernet port into a passive listener?
I want to capture ethernet packets with my raspberry pi's ethernet port. I know I could create an ethernet bridge between two ethernet ports on the raspberry and analyze the packets internally with ...
3
votes
1
answer
11k
views
RST ACK after SYN and Retransmission
I'm very new with network, so forgive me if I ask dumb questions or if my vocabulary is bad
I'm trying to access an URL from a partner on a specific port. The server has a firewall which only accepts ...
1
vote
0
answers
1k
views
TCP window scale mismatch between CentOS 7 and Windows 2012 R2
Having TCP client on CentOS 7 and TCP listener on Windows 2012 R2, I observed through wireshark, sysinternals procmon and ss -bitmonz command, that the tcp client wscale is 7 (scale factor 128) while ...
1
vote
0
answers
524
views
server stops sending SYN ACK after several normal connections
I have a few thousand devices behind a NAT talking to two servers. Each device is behind a local router (think modem/router), at which they get NATed to a private network that has thousands of these ...
-3
votes
1
answer
212
views
Why tcp.dstport==8127 doesn't capture traffic [closed]
I have a simple node.js server running on localhost:8127:
const http = require('http');
http.createServer(function (req, res) {
console.log('incoming');
}).listen(8127);
Now I make requests from ...
0
votes
1
answer
7k
views
TCP Handshake error: SYN and SYN/ACK packets are not recognised
I have very interesting problem:
I have Proxmox hypervisor and two linux vms on it:
First vm have several nics in main bridge, each nic added to vm with certain vlan tag on hypervisor.
Second vm ...
1
vote
0
answers
938
views
NFS stuck in ack loop
I have a situation where one of three different NFS clients will break after a period of time (some number of days). I find that the broken host and server are continually sending 'ack' packets (to ...
1
vote
0
answers
2k
views
What is causing RST ACK in my connections?
75% of calls to a 3rd party API are getting dropped. When this happens it propagates up to my calling code as a The request was aborted: Could not create SSL/TLS secure channel error.
Here is a ...
1
vote
1
answer
239
views
Need help in understanding the packet analysis(wireshark) [closed]
The snapshot capture below contains a single HTTP request to a web server, in which the client web browser requests some files from server, and the server returns an HTTP/1.1 200 (OK) response which ...
0
votes
2
answers
730
views
Wireshark Packet Capture Data Data ACK Confusion
I understand how acks work and windowing works. What I am not getting is why am I seeing the following behavior in packet captures
Client Server
data1----->
data2----->
<--------ack ...
3
votes
2
answers
5k
views
TCP connection RST after FIN, ACK
I have a situation that would like to clarify with the experts here. I am no network expert so maybe it's normal, but i rather ask.
We are trying to diagnose a problem between two servers, both are ...
-1
votes
1
answer
142
views
Is it possible for SYN/ACK to not be immediately proceeded by a SYN in a network trace
I'm writing a simple program to calculate initial RTTs from a network capture I took using Wireshark. To do this I want to calculate the difference in time between the SYN and the SYN/ACK. I don't ...
2
votes
1
answer
2k
views
Wireshark shows "TCP Dup Ack" on SACK after each regular ACK
I have a TCP session captured via switch port mirroring and tcpdump. When viewing it (in Wireshark), I see the same pattern whenever I send a message; here's an excerpt of the outbound packets (I don'...
1
vote
0
answers
536
views
Wireshark RST against TCP Zero Window
During application sharing with Microsoft Lync Client (Mac OS X), TCP ACK with RST flag is sent from my application end to Lync end against TCP Zero Window packets and call gets dropped.
Image Link.
...
1
vote
2
answers
185
views
What is the cause for TCP flow control misinterpretation?
The client cannot connect to our web server. I sniffed the client and web server only to find out that the client sees the TCP connection to be successful while the server sees it as a failure. What ...
1
vote
0
answers
312
views
Should I disable the Nagle Algorithm for Outlook / Exchange RPC/HTTP communication?
I'm investigating reasons why several Outlook clients in non-cached mode are having delays communicating... resulting in Outlook hanging.
My suspicion is that a Netscaler, or intermediate device (? ...
0
votes
1
answer
678
views
How to ping a host with different MTU size to simulate icmpv6 packet too big scenario?
As the title states, I want to check whether my host will actually send an ICMPv6 packet too big if I send a packet beyond the defined MTU size. I don't have a cisco router (extended ping) to try out ...
7
votes
2
answers
786
views
TCP acks are paused, then resumed, then paused again. Why?
I would like some help finding the reason for the reduced data transfer rate in my application.
I have 12 embedded systems and a Linux server. The embedded systems send data to the server over TCP on ...
1
vote
1
answer
3k
views
server is not responding on SYN packets
On the attached tcp dump, the first two SYN packets (#21800 and 21801) came to the server, however SYN ACK was sent for the second SYN. Is that correct behaviour? My understanding is that the client ...
5
votes
3
answers
32k
views
Wireshark "length" column - what does it include?
Can anyone tell me what the "Length" column in WireShark refers to?
I'm pretty sure it's the "size" of the entire frame on the wire. I did some calculations, but I didn't get the number that ...
2
votes
4
answers
7k
views
HTTP not finishing over LAN. Hardware cause?
On a customer server running Apache 2.2 on Windows server 2012 we're noticing that from time to time, some requests to the server never finish. Using wireshark I've found a bunch of duplicate ACKs get ...
4
votes
2
answers
40k
views
Wireshark TCP Window Size Value
I am debugging an application with Wireshark and watching the TCP Window Size value shrink on one side of the communication.
If the packet's TCP section shows a "Window size value: 1", does that mean ...
-1
votes
2
answers
2k
views
block all packets in windows 7 (so nothing appears in wireshark)? Can anything locally installed do it?
is it possible to block all packets in windows 7, so that nothing appears in wireshark?
I have tried choosing Block all for incoming.
for outgoing, I see it has no block all option, just a block ...