I'm trying to access a web server which is sitting behind a Netcomm 3G10WVR modem/router. The web server's port 80 is port forwarded to port 4476 on the router. The tcp conversation seems to proceed ok but then gets into a (seemingly) neverending loop. I exported the conversation from wireshark and deleted the irrelevant lines - the remainder is below:
At frame 138 the client (192.168.1.103) starts a stream of idenical ACKs; the server (12.345.24.155) seems to respond with a stream of identical packet retransmissions
Can anyone shed some light on this for me?
No. Time Source Destination Protocol Info
92 18.869627 192.168.1.103 12.345.24.155 TCP 52382 > 4476 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1
Frame 92: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: AsustekC_29:44:99 (00:24:8c:29:44:99), Dst: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0)
Internet Protocol, Src: 192.168.1.103 (192.168.1.103), Dst: 12.345.24.155 (12.345.24.155)
Transmission Control Protocol, Src Port: 52382 (52382), Dst Port: 4476 (4476), Seq: 0, Len: 0
Source port: 52382 (52382)
Destination port: 4476 (4476)
[Stream index: 14]
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x02 (SYN)
Window size: 8192
Checksum: 0x2593 [validation disabled]
Options: (8 bytes)
No. Time Source Destination Protocol Info
108 18.984785 12.345.24.155 192.168.1.103 TCP 4476 > 52382 [SYN, ACK] Seq=0 Ack=1 Win=511 Len=0 MSS=1024
Frame 108: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0), Dst: AsustekC_29:44:99 (00:24:8c:29:44:99)
Internet Protocol, Src: 12.345.24.155 (12.345.24.155), Dst: 192.168.1.103 (192.168.1.103)
Transmission Control Protocol, Src Port: 4476 (4476), Dst Port: 52382 (52382), Seq: 0, Ack: 1, Len: 0
Source port: 4476 (4476)
Destination port: 52382 (52382)
[Stream index: 14]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x12 (SYN, ACK)
Window size: 511
Checksum: 0x9a8d [validation disabled]
Options: (4 bytes)
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 92]
[The RTT to ACK the segment was: 0.115158000 seconds]
No. Time Source Destination Protocol Info
109 18.984874 192.168.1.103 12.345.24.155 TCP 52382 > 4476 [ACK] Seq=1 Ack=1 Win=64512 Len=0
Frame 109: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: AsustekC_29:44:99 (00:24:8c:29:44:99), Dst: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0)
Internet Protocol, Src: 192.168.1.103 (192.168.1.103), Dst: 12.345.24.155 (12.345.24.155)
Transmission Control Protocol, Src Port: 52382 (52382), Dst Port: 4476 (4476), Seq: 1, Ack: 1, Len: 0
Source port: 52382 (52382)
Destination port: 4476 (4476)
[Stream index: 14]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 64512
Checksum: 0x258b [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 108]
[The RTT to ACK the segment was: 0.000089000 seconds]
No. Time Source Destination Protocol Info
110 18.985166 192.168.1.103 12.345.24.155 TCP 52382 > 4476 [PSH, ACK] Seq=1 Ack=1 Win=64512 Len=468
Frame 110: 522 bytes on wire (4176 bits), 522 bytes captured (4176 bits)
Ethernet II, Src: AsustekC_29:44:99 (00:24:8c:29:44:99), Dst: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0)
Internet Protocol, Src: 192.168.1.103 (192.168.1.103), Dst: 12.345.24.155 (12.345.24.155)
Transmission Control Protocol, Src Port: 52382 (52382), Dst Port: 4476 (4476), Seq: 1, Ack: 1, Len: 468
Source port: 52382 (52382)
Destination port: 4476 (4476)
[Stream index: 14]
Sequence number: 1 (relative sequence number)
[Next sequence number: 469 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 64512
Checksum: 0x275f [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 468]
Data (468 bytes)
0000 47 45 54 20 2f 69 6e 64 65 78 2e 68 74 6d 6c 20 GET /index.html
0010 48 54 54 50 2f 31 2e 31 0d 0a 41 63 63 65 70 74 HTTP/1.1..Accept
0020 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d : application/x-
0030 6d 73 2d 61 70 70 6c 69 63 61 74 69 6f 6e 2c 20 ms-application,
0040 69 6d 61 67 65 2f 6a 70 65 67 2c 20 61 70 70 6c image/jpeg, appl
0050 69 63 61 74 69 6f 6e 2f 78 61 6d 6c 2b 78 6d 6c ication/xaml+xml
0060 2c 20 69 6d 61 67 65 2f 67 69 66 2c 20 69 6d 61 , image/gif, ima
0070 67 65 2f 70 6a 70 65 67 2c 20 61 70 70 6c 69 63 ge/pjpeg, applic
0080 61 74 69 6f 6e 2f 78 2d 6d 73 2d 78 62 61 70 2c ation/x-ms-xbap,
0090 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6d 73 77 application/msw
00a0 6f 72 64 2c 20 2a 2f 2a 0d 0a 41 63 63 65 70 74 ord, */*..Accept
00b0 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 55 53 -Language: en-US
00c0 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f ..User-Agent: Mo
00d0 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 61 zilla/4.0 (compa
00e0 74 69 62 6c 65 3b 20 4d 53 49 45 20 38 2e 30 3b tible; MSIE 8.0;
00f0 20 57 69 6e 64 6f 77 73 20 4e 54 20 36 2e 31 3b Windows NT 6.1;
0100 20 57 4f 57 36 34 3b 20 54 72 69 64 65 6e 74 2f WOW64; Trident/
0110 34 2e 30 3b 20 47 54 42 36 2e 35 3b 20 53 4c 43 4.0; GTB6.5; SLC
0120 43 32 3b 20 2e 4e 45 54 20 43 4c 52 20 32 2e 30 C2; .NET CLR 2.0
0130 2e 35 30 37 32 37 3b 20 2e 4e 45 54 20 43 4c 52 .50727; .NET CLR
0140 20 33 2e 35 2e 33 30 37 32 39 3b 20 2e 4e 45 54 3.5.30729; .NET
0150 20 43 4c 52 20 33 2e 30 2e 33 30 37 32 39 3b 20 CLR 3.0.30729;
0160 4d 65 64 69 61 20 43 65 6e 74 65 72 20 50 43 20 Media Center PC
0170 36 2e 30 3b 20 2e 4e 45 54 34 2e 30 43 29 0d 0a 6.0; .NET4.0C)..
0180 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a Accept-Encoding:
0190 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d 0a gzip, deflate..
01a0 48 6f 73 74 3a 20 37 34 2e 31 39 38 2e 32 34 2e Host: 12.345.24.
01b0 31 35 35 3a 34 34 37 36 0d 0a 43 6f 6e 6e 65 63 155:4476..Connec
01c0 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 tion: Keep-Alive
01d0 0d 0a 0d 0a ....
No. Time Source Destination Protocol Info
134 19.136980 12.345.24.155 192.168.1.103 TCP 4476 > 52382 [ACK] Seq=1 Ack=469 Win=511 Len=0
Frame 134: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0), Dst: AsustekC_29:44:99 (00:24:8c:29:44:99)
Internet Protocol, Src: 12.345.24.155 (12.345.24.155), Dst: 192.168.1.103 (192.168.1.103)
Transmission Control Protocol, Src Port: 4476 (4476), Dst Port: 52382 (52382), Seq: 1, Ack: 469, Len: 0
Source port: 4476 (4476)
Destination port: 52382 (52382)
[Stream index: 14]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 469 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 511
Checksum: 0xaec2 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 110]
[The RTT to ACK the segment was: 0.151814000 seconds]
No. Time Source Destination Protocol Info
137 19.999665 12.345.24.155 192.168.1.103 TCP [TCP Previous segment lost] 4476 > 52382 [PSH, ACK] Seq=2801 Ack=469 Win=511 Len=1296
Frame 137: 1350 bytes on wire (10800 bits), 1350 bytes captured (10800 bits)
Ethernet II, Src: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0), Dst: AsustekC_29:44:99 (00:24:8c:29:44:99)
Internet Protocol, Src: 12.345.24.155 (12.345.24.155), Dst: 192.168.1.103 (192.168.1.103)
Transmission Control Protocol, Src Port: 4476 (4476), Dst Port: 52382 (52382), Seq: 2801, Ack: 469, Len: 1296
Source port: 4476 (4476)
Destination port: 52382 (52382)
[Stream index: 14]
Sequence number: 2801 (relative sequence number)
[Next sequence number: 4097 (relative sequence number)]
Acknowledgement number: 469 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 511
Checksum: 0x2932 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 1296]
[TCP Analysis Flags]
[A segment before this frame was lost]
[Expert Info (Warn/Sequence): Previous segment lost (common at capture start)]
[Message: Previous segment lost (common at capture start)]
[Severity level: Warn]
[Group: Sequence]
Data (1296 bytes)
0000 68 6f 6d 65 2d 78 61 6e 2e 70 6e 67 22 20 61 6c home-xan.png" al
0010 74 3d 22 48 6f 6d 65 22 20 2f 3e 3c 2f 61 3e 0d t="Home" />.
0020 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c .................
0500 0d 0a 09 09 09 09 09 09 3c 74 72 3e 0d 0a 09 09 ............
No. Time Source Destination Protocol Info
138 19.999717 192.168.1.103 12.345.24.155 TCP [TCP Dup ACK 110#1] 52382 > 4476 [ACK] Seq=469 Ack=1 Win=64512 Len=0
Frame 138: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: AsustekC_29:44:99 (00:24:8c:29:44:99), Dst: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0)
Internet Protocol, Src: 192.168.1.103 (192.168.1.103), Dst: 12.345.24.155 (12.345.24.155)
Transmission Control Protocol, Src Port: 52382 (52382), Dst Port: 4476 (4476), Seq: 469, Ack: 1, Len: 0
Source port: 52382 (52382)
Destination port: 4476 (4476)
[Stream index: 14]
Sequence number: 469 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 64512
Checksum: 0x258b [validation disabled]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 1]
[Duplicate to the ACK in frame: 110]
[Expert Info (Note/Sequence): Duplicate ACK (#1)]
[Message: Duplicate ACK (#1)]
[Severity level: Note]
[Group: Sequence]
No. Time Source Destination Protocol Info
139 20.492179 12.345.24.155 192.168.1.103 TCP [TCP Retransmission] 4476 > 52382 [PSH, ACK] Seq=2801 Ack=469 Win=511 Len=1296
Frame 139: 1350 bytes on wire (10800 bits), 1350 bytes captured (10800 bits)
Ethernet II, Src: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0), Dst: AsustekC_29:44:99 (00:24:8c:29:44:99)
Internet Protocol, Src: 12.345.24.155 (12.345.24.155), Dst: 192.168.1.103 (192.168.1.103)
Transmission Control Protocol, Src Port: 4476 (4476), Dst Port: 52382 (52382), Seq: 2801, Ack: 469, Len: 1296
Source port: 4476 (4476)
Destination port: 52382 (52382)
[Stream index: 14]
Sequence number: 2801 (relative sequence number)
[Next sequence number: 4097 (relative sequence number)]
Acknowledgement number: 469 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 511
Checksum: 0x2932 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 1296]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[Expert Info (Note/Sequence): Retransmission (suspected)]
[Message: Retransmission (suspected)]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 0.492514000 seconds]
[RTO based on delta from frame: 137]
Data (1296 bytes)
0000 68 6f 6d 65 2d 78 61 6e 2e 70 6e 67 22 20 61 6c home-xan.png" al
0010 74 3d 22 48 6f 6d 65 22 20 2f 3e 3c 2f 61 3e 0d t="Home" />.
0020 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c .................
0500 0d 0a 09 09 09 09 09 09 3c 74 72 3e 0d 0a 09 09 ............
No. Time Source Destination Protocol Info
140 20.492222 192.168.1.103 12.345.24.155 TCP [TCP Dup ACK 110#2] 52382 > 4476 [ACK] Seq=469 Ack=1 Win=64512 Len=0
Frame 140: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: AsustekC_29:44:99 (00:24:8c:29:44:99), Dst: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0)
Internet Protocol, Src: 192.168.1.103 (192.168.1.103), Dst: 12.345.24.155 (12.345.24.155)
Transmission Control Protocol, Src Port: 52382 (52382), Dst Port: 4476 (4476), Seq: 469, Ack: 1, Len: 0
Source port: 52382 (52382)
Destination port: 4476 (4476)
[Stream index: 14]
Sequence number: 469 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 64512
Checksum: 0x258b [validation disabled]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 2]
[Duplicate to the ACK in frame: 110]
[Expert Info (Note/Sequence): Duplicate ACK (#2)]
[Message: Duplicate ACK (#2)]
[Severity level: Note]
[Group: Sequence]
No. Time Source Destination Protocol Info
144 20.974184 12.345.24.155 192.168.1.103 TCP [TCP Retransmission] 4476 > 52382 [PSH, ACK] Seq=2801 Ack=469 Win=511 Len=1296
Frame 144: 1350 bytes on wire (10800 bits), 1350 bytes captured (10800 bits)
Ethernet II, Src: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0), Dst: AsustekC_29:44:99 (00:24:8c:29:44:99)
Internet Protocol, Src: 12.345.24.155 (12.345.24.155), Dst: 192.168.1.103 (192.168.1.103)
Transmission Control Protocol, Src Port: 4476 (4476), Dst Port: 52382 (52382), Seq: 2801, Ack: 469, Len: 1296
Source port: 4476 (4476)
Destination port: 52382 (52382)
[Stream index: 14]
Sequence number: 2801 (relative sequence number)
[Next sequence number: 4097 (relative sequence number)]
Acknowledgement number: 469 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 511
Checksum: 0x2932 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 1296]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[Expert Info (Note/Sequence): Retransmission (suspected)]
[Message: Retransmission (suspected)]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 0.974519000 seconds]
[RTO based on delta from frame: 137]
Data (1296 bytes)
0000 68 6f 6d 65 2d 78 61 6e 2e 70 6e 67 22 20 61 6c home-xan.png" al
0010 74 3d 22 48 6f 6d 65 22 20 2f 3e 3c 2f 61 3e 0d t="Home" />.
0020 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c .................
0500 0d 0a 09 09 09 09 09 09 3c 74 72 3e 0d 0a 09 09 ............
No. Time Source Destination Protocol Info
145 20.974229 192.168.1.103 12.345.24.155 TCP [TCP Dup ACK 110#3] 52382 > 4476 [ACK] Seq=469 Ack=1 Win=64512 Len=0
Frame 145: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: AsustekC_29:44:99 (00:24:8c:29:44:99), Dst: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0)
Internet Protocol, Src: 192.168.1.103 (192.168.1.103), Dst: 12.345.24.155 (12.345.24.155)
Transmission Control Protocol, Src Port: 52382 (52382), Dst Port: 4476 (4476), Seq: 469, Ack: 1, Len: 0
Source port: 52382 (52382)
Destination port: 4476 (4476)
[Stream index: 14]
Sequence number: 469 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 64512
Checksum: 0x258b [validation disabled]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 3]
[Duplicate to the ACK in frame: 110]
[Expert Info (Note/Sequence): Duplicate ACK (#3)]
[Message: Duplicate ACK (#3)]
[Severity level: Note]
[Group: Sequence]
No. Time Source Destination Protocol Info
147 21.465792 12.345.24.155 192.168.1.103 TCP [TCP Retransmission] 4476 > 52382 [PSH, ACK] Seq=2801 Ack=469 Win=511 Len=1296
Frame 147: 1350 bytes on wire (10800 bits), 1350 bytes captured (10800 bits)
Ethernet II, Src: Cisco-Li_b8:40:a0 (00:13:10:b8:40:a0), Dst: AsustekC_29:44:99 (00:24:8c:29:44:99)
Internet Protocol, Src: 12.345.24.155 (12.345.24.155), Dst: 192.168.1.103 (192.168.1.103)
Transmission Control Protocol, Src Port: 4476 (4476), Dst Port: 52382 (52382), Seq: 2801, Ack: 469, Len: 1296
Source port: 4476 (4476)
Destination port: 52382 (52382)
[Stream index: 14]
Sequence number: 2801 (relative sequence number)
[Next sequence number: 4097 (relative sequence number)]
Acknowledgement number: 469 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 511
Checksum: 0x2932 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 1296]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[Expert Info (Note/Sequence): Retransmission (suspected)]
[Message: Retransmission (suspected)]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 1.466127000 seconds]
[RTO based on delta from frame: 137]
Data (1296 bytes)
0000 68 6f 6d 65 2d 78 61 6e 2e 70 6e 67 22 20 61 6c home-xan.png" al
0010 74 3d 22 48 6f 6d 65 22 20 2f 3e 3c 2f 61 3e 0d t="Home" />.
0020 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c .................
0500 0d 0a 09 09 09 09 09 09 3c 74 72 3e 0d 0a 09 09 ............
No. Time Source Destination Protocol Info
148 21.465835 192.168.1.103 12.345.24.155 TCP [TCP Dup ACK 110#4] 52382 > 4476 [ACK] Seq=469 Ack=1 Win=64512 Len=0