Wireshark mailing list archives
TCP Retransmission question
From: Thomas Anderson <t.dt.aanderson () gmail com>
Date: Tue, 21 Jun 2011 15:46:57 +0800
I have two virtual machines running on virtualbox whose os is debian. Currently my connection using ssh from A(xxx.xxx.xxx.111) to B(xxx.xxx.xxx.112) sometimes suffers the connection timeout. So I use wireshark (with filter `host xxx.xxx.xxx.112') to check the underlying network packets and notice sometimes it seems the ssh will do TCP retransmission as below: xxx.xxx.xxx.112 68.168.113.155 SSH [TCP Retransmission] Encrypted response packet len=35 68.168.113.155 xxx.xxx.xxx.112 TCP [TCP Previous segment lost] 33514 > ssh [ACK] Seq=21 Ack=36 Win=5888 Len=0 TSV=3950744190 TSER=4316095 SLE=1 SRE=36 68.168.113.155 xxx.xxx.xxx.112 SSHv2 [TCP Retransmission] Client Protocol: SSH-2.0-libssh-0.1\r However, the ip address started with 68 is not any machine I know of. Does it mean my ssh may be compromised? Or what key word I can filter to find out the root cause (that ssh connection timeout)? Thanks. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- TCP Retransmission question Thomas Anderson (Jun 21)
- Re: TCP Retransmission question ronnie sahlberg (Jun 21)
- Re: TCP Retransmission question Shain Singh (Jun 21)
- Re: TCP Retransmission question Thomas Anderson (Jun 21)
- Re: TCP Retransmission question Shain Singh (Jun 21)
- Re: TCP Retransmission question Andrew Hood (Jun 21)
- Re: TCP Retransmission question Anthony Murabito (Jun 21)
- Re: TCP Retransmission question Thomas Anderson (Jun 21)