Score:0

Server

Please explain the ASA capture to identify re-transmissions

Logger

11/2/22, 6:23 AM

I have recently started troubleshooting an issue and client is suspecting re-transmissions based on the below capture, I am not sure why the data packets are repeating over and over for multiple times with same sequence numbers.

It would be a great help if someone can explain the sequence pattern, so far I have noticed SYN, SYN+ACK and ACK has completed the Push is initiated and then the data is passing but in the data I have collected from ASA capture, the data is repeated between source and destination with out any increment in the sequence and this is what client is suspecting as re-transmissions.

So please explain if any one knows about that and if it's normal and why the packets are repeating with out incrementing the sequence.

18: 15:35:37.335569 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: S 3156301611:3156301611(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>

19: 15:35:37.335965 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: S 2634177356:2634177356(0) ack 3156301612 win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>

20: 15:35:37.341580 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . ack 2634177357 win 258 23: 15:35:38.348538 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301611:3156301612(1) ack 2634177357 win 258

24: 15:35:38.348813 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301612 win 512 <nop,nop,sack sack 1 {3156301611:3156301612} >

27: 15:35:39.363003 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301611:3156301612(1) ack 2634177357 win 258

28: 15:35:39.363262 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301612 win 512 <nop,nop,sack sack 1 {3156301611:3156301612} >

31: 15:35:39.910338 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: P 3156301612:3156301691(79) ack 2634177357 win 258

32: 15:35:39.921552 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511

33: 15:35:39.996332 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: P 2634177357:2634177412(55) ack 3156301691 win 511

34: 15:35:40.205586 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . ack 2634177412 win 258

37: 15:35:41.000976 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

38: 15:35:41.001281 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

41: 15:35:42.014495 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

42: 15:35:42.014708 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

45: 15:35:43.028379 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

46: 15:35:43.028685 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

49: 15:35:44.042966 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258 50: 15:35:44.043225 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

53: 15:35:45.056485 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258 54: 15:35:45.056744 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

57: 15:35:46.071010 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258 58: 15:35:46.071254 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

61: 15:35:47.084849 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

62: 15:35:47.085093 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

65: 15:35:48.098551 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

66: 15:35:48.098826 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

69: 15:35:49.113107 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

70: 15:35:49.113366 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

73: 15:35:50.126610 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

74: 15:35:50.126839 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

77: 15:35:51.141136 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

78: 15:35:51.141426 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

81: 15:35:52.154655 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

82: 15:35:52.154929 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

85: 15:35:53.169180 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

86: 15:35:53.169531 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

89: 15:35:54.182989 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301690:3156301691(1) ack 2634177412 win 258

90: 15:35:54.185323 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301691 win 511 <nop,nop,sack sack 1 {3156301690:3156301691} >

91: 15:35:54.495732 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: P 3156301691:3156301756(65) ack 2634177412 win 258

92: 15:35:54.506489 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . 2634177412:2634178792(1380) ack 3156301756 win 511

93: 15:35:54.506504 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: P 2634178792:2634179400(608) ack 3156301756 win 511

94: 15:35:54.729286 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . ack 2634178792 win 258

97: 15:35:55.307723 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: P 2634178792:2634179400(608) ack 3156301756 win 511

98: 15:35:55.524280 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . ack 2634179400 win 256

101: 15:35:56.320295 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301755:3156301756(1) ack 2634179400 win 256

102: 15:35:56.320555 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301756 win 511 <nop,nop,sack sack 1 {3156301755:3156301756} >

105: 15:35:57.333860 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301755:3156301756(1) ack 2634179400 win 256

106: 15:35:57.334226 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301756 win 511 <nop,nop,sack sack 1 {3156301755:3156301756} >

112: 15:35:58.348370 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301755:3156301756(1) ack 2634179400 win 256

113: 15:35:58.348660 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301756 win 511 <nop,nop,sack sack 1 {3156301755:3156301756} >

116: 15:35:59.361935 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301755:3156301756(1) ack 2634179400 win 256

117: 15:35:59.362224 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301756 win 511 <nop,nop,sack sack 1 {3156301755:3156301756} >

120: 15:36:00.375590 802.1Q VLAN#3506 P0 10.4.5.6.58840 > 10.10.11.13.80: . 3156301755:3156301756(1) ack 2634179400 win 256

121: 15:36:00.375850 802.1Q VLAN#3506 P0 10.10.11.13.80 > 10.4.5.6.58840: . ack 3156301756 win 511 <nop,nop,sack sack 1 {3156301755:3156301756} >

How to explain the above logs???

0 + 0

logging

syslog

tcpdump

packet-capture

cisco-asa

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Please explain the ASA capture to identify re-transmissions

TH: โปรดอธิบายการบันทึก ASA เพื่อระบุการส่งสัญญาณซ้ำ

RO: Vă rugăm să explicați captura ASA pentru a identifica retransmisiile

RU: Пожалуйста, объясните захват ASA для идентификации повторных передач

VI: Vui lòng giải thích việc chụp ASA để xác định truyền lại

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.