Wireshark-users: Re: [Wireshark-users] [This frame is a (suspected) retrasmission]

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "bbbluedefense@xxxxxxxxx" <bbbluedefense@xxxxxxxxx>
Date: Sat, 10 Jan 2009 17:39:39 +0100
Boaz Galil ha scritto:
From what I understand you are looking at a TCP socket � one of the nodes didn't get acknowledge for a segment so now you are observing retransmission.
If you provide the entire packet capture � maybe we can give more information about the possible RCA. 

Thanks in advance,



Hi, the following is the entire packet:
No. Time Source Destination Protocol Info 77 6.272751 192.168.1.2 213.239.204.205 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] 

Frame 77 (1506 bytes on wire, 1506 bytes captured)
    Arrival Time: Jan  9, 2009 19:17:35.306192000
    [Time delta from previous captured frame: 0.117051000 seconds]
    [Time delta from previous displayed frame: 0.117051000 seconds]
    [Time since reference or first frame: 6.272751000 seconds]
    Frame Number: 77
    Frame Length: 1506 bytes
    Capture Length: 1506 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Apple_ba:30:0f (00:1c:b3:ba:30:0f), Dst: Industri_b4:30:8f (00:17:37:b4:30:8f) 
    Destination: Industri_b4:30:8f (00:17:37:b4:30:8f)
        Address: Industri_b4:30:8f (00:17:37:b4:30:8f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) 
    Source: Apple_ba:30:0f (00:1c:b3:ba:30:0f)
        Address: Apple_ba:30:0f (00:1c:b3:ba:30:0f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) 
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.2 (192.168.1.2), Dst: 213.239.204.205 (213.239.204.205) 
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 1492
    Identification: 0x3bf4 (15348)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x94c8 [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.1.2 (192.168.1.2)
    Destination: 213.239.204.205 (213.239.204.205)
Transmission Control Protocol, Src Port: 46985 (46985), Dst Port: http (80), Seq: 5761, Ack: 1, Len: 1440 
    Source port: 46985 (46985)
    Destination port: http (80)
    Sequence number: 5761    (relative sequence number)
    [Next sequence number: 7201    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 5840 (scaled)
    Checksum: 0x8308 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 7689054, TSecr 3979016312
    [SEQ/ACK analysis]
        [TCP Analysis Flags]
            [This frame is a (suspected) retransmission]
            [The RTO for this segment was: 3.838753000 seconds]
            [RTO based on delta from frame: 39]
    TCP segment data (1440 bytes)
I removed the byte packet because I have the same problem to send "big" email. 

Thx a lot for any hint.