TOPIC: TCP Retransmissions

Re: TCP Retransmissions 14 years 3 weeks ago #16383

  • Smurf (Moderator)
I am having a similar issue on my Cisco 3750G switch; this is happening on a VLAN between two servers on the same IP Subnet and the same VLAN.

I currently have a TAC case open to help me determine if the fault is with my switch or not. I get TCP Retransmissions, TCP Fast Retransmissions, TCP DUP ACK (sometimes I can get 40 to 50 for the same TCP Segment), TCP Out-of-Order.

Why can't these things just work, lol

I will keep people updated on what is found.

Cheers

Wayne
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: TCP Retransmissions 14 years 3 weeks ago #16406

  • wlekns (Topic Author)
I can't really send a capture file but below is the Flow Graph. The interesting thing is the FIN,ACK activity.

>> CLIENT to SERVER
<< SERVER to CLIENT

SYN>>
<<SYN,ACK
PSH,ACK>>
<<PSH,ACK
PSH,ACK>>
ACK>>
PSH,ACK>>
ACK>>
<<PSH,ACK
ACK>>
ACK>>
PSH,ACK>>
<<ACK
<<ACK
<<ACK
ACK>>
<<PSH,ACK
FIN,ACK>>
<<ACK
RST,ACK>>
<<ACK
RST>>
<<ACK
RST>>
<<ACK
RST>>
<<ACK
RST>>

This seems to be happening through all of my captures.

Suggestions?

Re: TCP Retransmissions 14 years 3 weeks ago #16408

  • wlekns (Topic Author)
Additional information from the users.

The symptoms appear to be:
* Screen Freezes for 5-10 seconds
* Appears to be a hung IE session
* Sometimes must use tskmgr to kill IE

Re: TCP Retransmissions 13 years 4 months ago #21278

I'm facing a similar issue.
I'm trying to upload a file to an FTP server on the local intranet. The transfer is too slow.
When I captured the transmission, I see a lot of TCP DUP ACKs, TCP Retransmissions, and also some TCP fast retransmissions.
Can someone tell what exactly is going on :cry: and how can I fix it?

Here's a sniffed session.
http://www.myjavaserver.com/~mobi/output.rar

Re: TCP Retransmissions 13 years 4 months ago #21279

  • Smurf (Moderator)
How are you creating the capture? Is it a VLAN SPAN or a port SPAN? Also, are you capturing RX/TX or Both?

Possible Solution 9 years 6 months ago #36372

I just found the solution for a customer with the same problem.

I set up a monitor on the client and server switch ports, and I would see the server send an ACK, and the client received a RST!

The customer has a Barracuda web filter, and spanning the port showed it was responding to traffic with a RST.

My solution: create an L2 VLAN (i.e. 500) with two ports, run a wire from an access port in VLAN1 to one of the ports in VLAN 500, then plug the Barracuda into the other port of VLAN500. I then set up a MAC access list on the port of VLAN 500 I looped from VLAN1. I only allow the MAC addresses for the Barracuda and the ASA.
Why? On 3750 and below you can only apply an access-group as an ingress filter.

mac access-list extended BaracudaASA
 permit any host 0017.5401.0a06
 permit any host 001f.9e2b.b04d
 permit any host ffff.ffff.ffff
 deny any any

interface GigabitEthernet4/0/22
 description *** Baracuda MAC jail ***
 switchport access vlan 500
 switchport mode access
 mac access-group BaracudaASA in
 no cdp enable

Other solutions: replace your Barracuda with a BlueCoat ProxyOne or Cisco Ironport webfilter

:wink:
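
Added example, not part of any post in this thread: one way to automate the two-port comparison described in the last post, by flagging RSTs that arrive at the client's switch port claiming the server's IP but never appear in the capture of the server's own port. The `Seg` record layout, the function names, and all addresses and MACs are constructed for illustration; the MAC comparison assumes both hosts sit on the same L2 segment, so a genuine frame keeps the server's source MAC.

```python
from collections import namedtuple

# One observed TCP segment, reduced to the fields the comparison needs.
Seg = namedtuple("Seg", "src_mac src_ip sport dst_ip dport flags seq")

def key(s):
    """Identity of a segment, independent of where it was captured."""
    return (s.src_ip, s.sport, s.dst_ip, s.dport, s.flags, s.seq)

def find_injected_rsts(receiver_side, sender_side, sender_ip):
    """RSTs seen at the receiver's port that claim to come from sender_ip
    but were never seen leaving the sender's own port."""
    sent = {key(s) for s in sender_side if s.src_ip == sender_ip}
    return [s for s in receiver_side
            if s.src_ip == sender_ip and "RST" in s.flags and key(s) not in sent]

def suspect_macs(injected, sender_side, sender_ip):
    """Source MACs on injected RSTs that the real sender never used."""
    real = {s.src_mac for s in sender_side if s.src_ip == sender_ip}
    return sorted({s.src_mac for s in injected} - real)

# Constructed sample data (not taken from the thread's captures).
SERVER, CLIENT = "10.0.0.10", "10.0.0.20"
SRV_MAC, FILTER_MAC = "02:00:00:00:00:10", "02:00:00:00:00:99"

server_port = [  # SPAN of the server's switch port
    Seg(SRV_MAC, SERVER, 80, CLIENT, 49152, "ACK", 1001),
    Seg(SRV_MAC, SERVER, 80, CLIENT, 49153, "RST,ACK", 5001),  # genuine reset
]
client_port = [  # SPAN of the client's switch port
    Seg(SRV_MAC, SERVER, 80, CLIENT, 49152, "ACK", 1001),
    Seg(FILTER_MAC, SERVER, 80, CLIENT, 49152, "RST", 1001),   # never sent by server
    Seg(SRV_MAC, SERVER, 80, CLIENT, 49153, "RST,ACK", 5001),
]

if __name__ == "__main__":
    injected = find_injected_rsts(client_port, server_port, SERVER)
    for s in injected:
        print("injected RST:", s)
    print("injecting MAC(s):", suspect_macs(injected, server_port, SERVER))
```

With real captures, the two lists would be filled from the packet exports of each SPAN session; the genuine reset on port 49153 is not flagged because it appears in both captures.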