Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3422
Views
0
Helpful
5
Replies

TCP retransmission with Port mirroring

bartj
Level 1
Level 1

‎08-27-2016 09:59 AM - edited ‎03-05-2019 04:35 AM

Hello,

I am using some SG200-08 Cisco switches on a local network with some custom hardware I am debugging. I have setup one of the switches to mirror rx/tx traffic so that I can sniff packets with wireshark on a PC that is not part of the network. However, I find that the traffic as captured by wireshark on the PC that is accepting the mirrored packets duplicates every packet as a "TCP Retransmission".

I have attached 2 files, one showing the duplicate packets (Wireshark_dups.PNG) and another taken with wireshark on the host PC which is part of the network(Wireshark_no_dups.PNG). The later file contains no duplicate packets. Note that the 2 files are not time correlated, they serve only as examples of the packet duplication issue.

I have tried disabling spanning tree options but that makes no difference.

Does anyone have any suggestions as to how to get rid of: "TCP Retransmission" packets?

Thanks,

bartj

Labels:
Preview file
85 KB
Preview file
78 KB
0 Helpful
5 Replies 5

dmuinoorallo
Level 1
Level 1

‎09-03-2016 03:47 AM

Hello,

There are different causes for this, typical issues are disconnect ethernet cable or congestion in this interface.

I need more information about your shema of network for help you

0 Helpful

bartj
Level 1
Level 1
In response to dmuinoorallo

‎09-03-2016 02:40 PM

Hello,

I have attached a PNG showing the current network configuration. I have changed it a bit from the last post so that I only see traffic to/from the HOST PC and the custom hardware. TCP re-transmission is still an issue. Any insights appreciated.

Thanks,

bartj

Preview file
33 KB
0 Helpful

dmuinoorallo
Level 1
Level 1
In response to bartj

‎09-03-2016 02:55 PM

In a TCP/IP Client-Server Model arch, TCP retransmission can happen ONLY when the transmitting end does not recieve TCP-ACK from the receiving end.

 Few possibilites of NOT receving TCP-ACK are,

  • The receiving end sent back TCP-ACK is LOST in transit.
  • The transmitting end TCP-DATA is LOST and it did not reach the receving end at all.

Check for error along the traffic path, problems in layer 1 and layer 2.

0 Helpful

bartj
Level 1
Level 1
In response to dmuinoorallo

‎09-03-2016 03:02 PM

dmuinoorallo,

Thank you for your comments. Its interesting that there are TCP re-transmissions for both directions of traffic (HOST > Custom HW and Custom HW to HOST).

I will attempt to do more testing on Tuesday when I have access to the hardware.

Thanks again!

0 Helpful

dan.agache
Level 1
Level 1
In response to bartj

‎03-02-2018 03:54 AM

Hello,

We have the same problem with retransmission. How did you solve the problem?
Did you figure out the cause of retransmission?

Thank you for your help,
Dan

 

0 Helpful
Customers Also Viewed These Support Documents