On Mon, Apr 13, 2009 at 07:37:18PM +0200, Sake Blok wrote:
> On Sun, Apr 12, 2009 at 01:21:02PM -0400, Vikki Taxdal wrote:
> > On Sun, Apr 12, 2009 at 3:41 AM, Sake Blok <sake@xxxxxxxxxx> wrote:
> >
> > > 8720 S->C data (response, seq 2666, next 2492)
> > > 8721 C->S ACK (2492)
> > > ~17 sec delay
> > > 8722 S->C FIN (seq 2515, previous segment lost)
> >
> > So, does this part mean maybe not one, but _some_ packets were lost?
> > One with the segment transporting 23 bytes, and one or more
> > retransmissions after that, depending on the Server TCP's timeout
> > value for waiting for ACK?
>
> No, only the 23 bytes between seq 2492 and 2515 were lost. They could
> have been transmitted in several frames, but that is not likely
> considering the content of the missing bytes.
Oops, I think I misread your question. Yes, if the SSL Alerts was sent
straight after receving the ACK of frame 8721, I would have expected it
to be sent multiple times in the 17 sec gap. However, it is most likely
that the server closed the connecting *after* the gap, by sending the
SSL alert, followed by the FIN.
Cheers,
Sake