TCP retransmissions - looking for explanations
Hi all,
we are running an automation line where we have a S7 communication (Port 102, RFC1006) to a MES.
At certain timepoints the connection will breakdown and reconnect after a couple of seconds. We are still trying to figure out why this happens, that's why I installed a wireshark logging at both the server and client side.
We get some spurious TCP retransmissions, but I can't explain why these happen. Maybe some of you can give me an answer to that questions.
Please find the logs (server & client side) under this link: https://filetransfer.io/data-package/... Thanks all in advance!
Comments
The final response packets coming from the client have a zero delta time vs the request packets from the server. These are gone missing. How come these have zero delta?
Good Morning, thanks for your response.
I just filtered all packets for the zero delta time. It appears to me that there are a couple of packets that are having zero delta, see: https://abload.de/image.php?img=unben...
I'm not sure, how could this happen? Is it a malfunction of the server or TCP stack?
Hi, I would guess that you've used a SPAN port at the client side to capture the traffic. That could be the reason for the zero delta times.
The S7 Ack_data packet 18 in the Client.pcapng didn't make it to the other side. That's why the connection get closed. What's between the two devices? Firewall? IPS? Have you checked them for dropped/blocked packets?