Dell Knet issue
Hi,
I'm encountering a strange issue for several days and not being able to understand. It's a connection problem with Microsoft.com account or with ftp servers. The problem becomes strange as it happens only with 2 dell computers and one ISP (k-net). Otherwise, no problem with dell pc and another isp (Free) or other pc and K-net. Furthermore, it does not work with some software (Edge, Chrome, Firefox) but works with Avast Secure Browser. Same with ftp, does not work with Filezilla, but works with winscp. Pc use windows 10 20H2 or previous. When trying to connect to microsoft.com/account => login.live.com I get an err_connection_reset, you are not connected to the internet. Wireshark shows multiple Dup Ack retransmission. I would be more than happy to send Wireshark capture but it appears that I'm not allowed to send them on this site "as it requires 60 points". So I paste some results below.
I do precise that I tried many solutions found on the internet like disabling firewall, defender, changing MTU.... Issues occurs in the same way with cable or wifi.
Of course, I didn't get any help from dell or k-net, dell judging it's not their problem (even if it occurs on 2 pc from their brand) and the other just not responding.
Thanks for any help, Olivier
108 6.516763 46.105.162.69 192.168.1.111 FTP 109 [TCP Spurious Retransmission] Response: 220 ProFTPD Server (Fatty FTP Server) [46.105.162.69] 109 6.517127 192.168.1.111 46.105.162.69 TCP 66 [TCP Dup ACK 106#1] 55452 → 21 [ACK] Seq=11 Ack=56 Win=263424 Len=0 SLE=1 SRE=56 110 6.526926 192.168.1.111 46.105.162.69 TCP 64 [TCP Retransmission] 55452 → 21 [PSH, ACK] Seq=1 Ack=56 Win=263424 Len=10 112 6.737237 46.105.162.69 192.168.1.111 FTP 109 [TCP Spurious Retransmission] Response: 220 ProFTPD Server (Fatty FTP Server) [46.105.162.69] 113 6.737536 192.168.1.111 46.105.162.69 TCP 66 [TCP Dup ACK 106#2] 55452 → 21 [ACK] Seq=11 Ack=56 Win=263424 Len=0 SLE=1 SRE=56 114 6.842390 192.168.1.111 46.105.162.69 TCP 64 [TCP Retransmission] 55452 → 21 [PSH, ACK] Seq=1 Ack=56 Win=263424 Len=10 115 7.180452 46.105.162.69 192.168.1.111 FTP 109 [TCP Spurious Retransmission] Response: 220 ProFTPD Server (Fatty FTP Server) [46.105.162.69] 116 7.180639 192.168.1.111 46.105.162.69 TCP 66 [TCP Dup ACK 106#3] 55452 → 21 [ACK] Seq=11 Ack=56 Win=263424 Len=0 SLE=1 SRE=56 117 7.448027 192.168.1.111 46.105.162.69 TCP 64 [TCP Retransmission] 55452 → 21 [PSH, ACK] Seq=1 Ack=56 Win=263424 Len=10 126 8.065216 46.105.162.69 192.168.1.111 ...
Comments
You can upload a capture file to another file sharing site like Google Drive, Dropbox, etc. or others more specific to capture files such as Cloudshark and A-packets, and then share the link here.
Thanks very much Christopher for your mistakes corrections, I hoped that I did less ! Here is a 7 days link to my WireShark results https://we.tl/t-KhTbQnOoaV
allowed file types are '.gif', '.jpg', '.jpeg', '.png', '.txt', '.text', '.pdf', '.pcap', '.pcap.gz', '.pcapng', '.pcapng.gz'
I attached the only capture file contained within the zip file; the .csv and .xlsx files can't be uploaded. I'm not sure what good that capture file is going to do though.
Thanks, You're right, here is a more complete https://we.tl/t-ONHSHYvVUp it's recorded with ip.addr==192.168.1.59 or ip.addr==192.168.1.59 wich is my pc during this session, I tried to connect to microsoft.com and got ERR_CONNECTION_RESET at the end.
Looks like that the ACKs from your client after the TLS client hello never made it to the MS server. The MS server retransmit his last sent package again. It's overlapping with the previous package from the MS server. Not sure if this is a hint. But after that he restarts the whole transmission. This pattern happens to all connections to login.live.com.
Another thing that I've discovered is that the SYN-ACK packages from the servers have all a lower TTL than the rest of the TCP stream. Do you use a proxy with the affected browsers and FTP client? If yes, try it without the proxy.