
Wireshark-users: [Wireshark-users] TCP Previous Segment Lost

From: Chad Handrich <chandric@xxxxxxxxxxxxxxxx>
Date: Thu, 08 Feb 2007 09:03:58 -0500
I have a network client application that runs fine while I am debugging (no TCP errors),
but when I run the release version, it runs incredibly slowly.  It runs as a series of
transactions, where each transaction is a separate connection to the server.  Wireshark
analysis has determined that about 50% of all transactions involve the series:

TCP Previous Segment Lost
TCP Dup ACK
RST


The RST consumes 3 seconds per transaction, which is a Big Deal.  So to prevent it, I must
prevent the initial "TCP Previous Segment Lost" (which seems, on the surface, to merely be
a time-out on a particular segment).

In the following clip, the SYN packet suffers from the "TCP Previous Segment Lost" condition.
0.000640 seconds seems like too short of a time to declare this condition, as many previous
successful transactions took much longer to be successfully SYN-ACK'ed.

Can somebody explain "TCP Previous Segment Lost" in this context to help me troubleshoot my
problem?

Any help would be appreciated.

Here is a clip of a problem transaction:


No. Time        Source                Destination           Protocol Info
834 *REF*       89.194.102.223        89.89.200.210         TCP      1137 > 1152 [SYN] Seq=0 Len=0 MSS=1460
835 0.000640    89.194.102.223        89.89.200.210         TCP      [TCP Previous segment lost] 1137 > 1152 [SYN] Seq=21767 Len=0 MSS=1460
836 0.001345    89.89.200.210         89.194.102.223        TCP      1152 > 1137 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
837 0.001360    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [RST] Seq=1 Len=0
838 0.001371    89.89.200.210         89.194.102.223        TCP      [TCP Dup ACK 836#1] 1152 > 1137 [ACK] Seq=1 Ack=1 Win=5840 Len=0
839 0.001379    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [RST] Seq=1 Len=0
840 2.993571    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [SYN] Seq=21767 Len=0 MSS=1460
841 2.994880    89.89.200.210         89.194.102.223        TCP      [TCP Previous segment lost] 1152 > 1137 [SYN, ACK] Seq=2993603 Ack=21768 Win=5840 Len=0 MSS=1460
842 2.994909    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [ACK] Seq=21768 Ack=2993604 Win=17520 Len=0
843 2.995387    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [PSH, ACK] Seq=21768 Ack=2993604 Win=17520 Len=9
844 2.996103    89.89.200.210         89.194.102.223        TCP      1152 > 1137 [ACK] Seq=2993604 Ack=21777 Win=5840 Len=0
845 3.084802    89.89.200.210         89.194.102.223        TCP      1152 > 1137 [PSH, ACK] Seq=2993604 Ack=21777 Win=5840 Len=22
846 3.084829    89.89.200.210         89.194.102.223        TCP      1152 > 1137 [FIN, ACK] Seq=2993626 Ack=21777 Win=5840 Len=0
847 3.084853    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [ACK] Seq=21777 Ack=2993627 Win=17498 Len=0
848 3.085844    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [FIN, ACK] Seq=21777 Ack=2993627 Win=17498 Len=0
849 3.086408    89.89.200.210         89.194.102.223        TCP      1152 > 1137 [ACK] Seq=2993627 Ack=21778 Win=5840 Len=0

--

Chad Handrich
WTC Software Engineering
chandric@xxxxxxxxxxxxxxxx
(248) 477-3900 ext 3244
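
The two observations in the message above (a second SYN on the same ports carrying a different Seq, and the wait between the RST and the retried SYN) can be pulled out of such a listing mechanically. This is an added example, not part of the original post: the function names are hypothetical, the sample rows are frames 834-842 copied from the listing, and the Seq values are taken as displayed.

```python
import re

# Constructed sample: frames 834-842 copied from the packet listing in the post.
TRACE = """\
834 *REF*       89.194.102.223        89.89.200.210         TCP      1137 > 1152 [SYN] Seq=0 Len=0 MSS=1460
835 0.000640    89.194.102.223        89.89.200.210         TCP      [TCP Previous segment lost] 1137 > 1152 [SYN] Seq=21767 Len=0 MSS=1460
836 0.001345    89.89.200.210         89.194.102.223        TCP      1152 > 1137 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
837 0.001360    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [RST] Seq=1 Len=0
838 0.001371    89.89.200.210         89.194.102.223        TCP      [TCP Dup ACK 836#1] 1152 > 1137 [ACK] Seq=1 Ack=1 Win=5840 Len=0
839 0.001379    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [RST] Seq=1 Len=0
840 2.993571    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [SYN] Seq=21767 Len=0 MSS=1460
841 2.994880    89.89.200.210         89.194.102.223        TCP      [TCP Previous segment lost] 1152 > 1137 [SYN, ACK] Seq=2993603 Ack=21768 Win=5840 Len=0 MSS=1460
842 2.994909    89.194.102.223        89.89.200.210         TCP      1137 > 1152 [ACK] Seq=21768 Ack=2993604 Win=17520 Len=0
"""

# No., time, source, destination, optional "[TCP ...]" analysis tag, ports, flags, Seq.
ROW = re.compile(
    r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+TCP\s+(?:\[TCP [^\]]*\]\s+)?"
    r"(\d+) > (\d+) \[([A-Z, ]+)\] Seq=(\d+)")

def parse(text):
    """Return one dict per listing row that matches the summary-line layout."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers and non-TCP rows
        no, t, src, dst, sport, dport, flags, seq = m.groups()
        rows.append({"no": int(no), "t": 0.0 if t == "*REF*" else float(t),
                     "flow": (src, int(sport), dst, int(dport)),
                     "flags": set(flags.split(", ")), "seq": int(seq)})
    return rows

def syn_report(rows):
    """Per flow: SYNs whose Seq differs from the previous SYN, and RST-to-next-SYN gaps."""
    changed, gaps, last_syn, last_rst = [], [], {}, {}
    for r in rows:
        f = r["flow"]
        if r["flags"] == {"SYN"}:  # bare SYN only, not SYN/ACK
            prev = last_syn.get(f)
            if prev and prev["seq"] != r["seq"]:
                changed.append((r["no"], prev["seq"], r["seq"], round(r["t"] - prev["t"], 6)))
            if f in last_rst:  # time from the most recent RST to this retry
                gaps.append((r["no"], round(r["t"] - last_rst.pop(f), 6)))
            last_syn[f] = r
        elif "RST" in r["flags"]:
            last_rst[f] = r["t"]
    return changed, gaps

if __name__ == "__main__":
    changed, gaps = syn_report(parse(TRACE))
    print("SYN Seq changes (frame, old Seq, new Seq, dt):", changed)
    print("RST to next SYN (frame, seconds):", gaps)
```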