Re: Wireshark Capture: Numerous "Bad TCP" frames: wat0114

i found this thread https://www.wilderssecurity.com/showthread.php?t=197398 while i was searching the net. i am experiencing a similar situation with my ADSL connection. where my router at times goes 'very busy' and my connection becomes painfully slow. when i use wireshark it shows a lot of tcp retransmissions. and this traffic makes up about 80% of what wireshark captures! all these packets have the same source address(which is some remote ip) and the destination is my public ip(router's ip).

so i was wondering how things worked out for wat0114 with the above problem? did you find a solution or any reason for what you were experiencing?

i tried to PM wat0114 but PMs were not allowed + i cannot reply to the old thread either, hence the thread.

thanks!

 

Hi appfuzz,

you know, I replaced my router (D-link, DI 624) a couple months ago due to it starting to frequently lose connection to the network, at least between my pc and its LAN port. I don't honestly know if the router was causing those retransmissions, but it most certainly did recently fail on me. My new router (DI-655) is working fine but I have yet to try any Wireshark captures on my machine. I will let you know the results as soon as I try.

**EDIT**

re-reading that thread, I was still getting many retransmissions after bypassing the router and connecting directly to the modem, so it would seem my router going B/O was an unrelated problem.

I have just run several more captures earlier today and the only errors I'm seeing are mostly TCP Dup Acks and TCP out-of-order packets. Very few Retransmissions. Maybe I just had a poor connection to my ISP on that connection and this one is better? I moved to this new address a few months ago so maybe I got a better connection from my ISP? Hard to say and I can only speculate.

 

wat0114,

thanks for the reply. i have a router with a adsl modem 'in' it. so i guess what ever the problem is it is in the adsl modem 'inside' my router/or my connection.

did you have any problems with your modem? or was it just the connection?

thanks.

 

I'm using the same modem at this location, so it was probably the connection.

 

thanks for the info wat0114. i then i think this issue is due to some problems with my ISP... one of their technicians came here and checked the ADSL line. and they say its ok. i am so lost!

 

A little bit of datacomms trouble-shooting. TCP is an end-to-end protocol, so any problem with TCP may be caused by any component in the connection. If you have persistent problems with one remote host (IP) but no others, then the problem lies at this remote host. If you have persistent problems with a number of hosts, then the problem probably lies at your end.

A bit of free advice. Don't play a scientist, unless you know exactly what you are doing. If you check out the electronics of your car, you will probably find out that it isn't working.