Wireshark mailing list archives

SYN repeated retransmission despite "SYN ACK" following initial SYN packet


From: Jeff Bruns <jeff.bruns () gmail com>
Date: Thu, 22 Apr 2010 13:33:56 -0400

Greetings-
I previously posted on the Devshed forums but haven't received any response.
Hopefully the wireshark community might be able to help...

I wrote a perl program which acts as a network sniffer, intercepting data
sent to a networked laser printer. The
resulting data, once parsed, is formatted and written to a serial port which
has a series of scrolling LED signboards connected. I've recently been
experiencing some issues with my network traffic and I was hoping to get
some advice on how to proceed.

I'm running Windows XP connected to a 10Mbps
wired LAN which is part of a larger VPN. I've been using wireshark in my
effort to better understand my recent network issues.

The following scenario was an attempt to send data to our networked laser
printer. I was able to capture the
corresponding network traffic with wireshark. I've attached a snapshot of
the wireshark traffic.

My first question, which I'm under the assumption is out of my control, has
to do with the 5 repeated SYN packets, despite the SYN, ACK that was sent
immediately following the first SYN. I'm thinking maybe the sender failed to
receive the SYN, ACK and as a result resent the SYN packet?? That being the
case, why is the receiver replying with repeated ACK instead of SYN, ACK?

My next question has to do with the timeframe between each of the following
SYN packets. It would appear that the time doubles after each sent SYN
packet. Given the precision of the time
intervals I would assume it has something to do with the retransmission
timer or persistence timer, although I'm curious as to why the interval
doubles after each attempt.

Information sent to our networked printer is time sensitive, and as you can
see from the timestamps shown throughout the network traffic it takes almost
3 minutes to successfully transmit the data.

My questions are:
1- Is there anything I can do to prevent the redundant SYN attempts in the
future?
2- Is there a way to decrease the timeout so that in the event of future
occurrences, the interval between SYN attempts is expedited?
3- In the event data loss is suspected due to
network congestion or quality, are there any diagnostics I could perform to
identify bottlenecks?

Below is a link to a wireshark screenshot showing the packets within the
message. It being my first time posting to the list, I'm not sure if I'm
permitted to include attachments, so the screenshot is a link to the devshed
post attachment. If it would be helpful and I'm permitted I'd be happy to
attach the wireshark pcap dump file.

Any help would be greatly appreciated.

Thanks-

Jeff Bruns
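
The check below is an added example, not part of the original post: given packet rows exported from a capture, it groups SYNs that reuse the same addresses, ports and sequence number (retransmissions of one connection attempt), measures the gaps between them, and reports whether each gap is about double the previous one and whether a SYN, ACK came back. The rows, addresses, ports and function names are constructed for illustration and are not taken from the poster's capture.

```python
from collections import defaultdict

# Constructed sample rows: (time_s, src, sport, dst, dport, flags, seq).
# Illustrative values only; they are not taken from the capture in the post.
C, P = "192.0.2.10", "192.0.2.20"   # hypothetical sender and printer
PACKETS = [
    (0.000, C, 1234, P, 9100, "S", 1000),
    (0.001, P, 9100, C, 1234, "SA", 5000),
    (3.002, C, 1234, P, 9100, "S", 1000),
    (3.003, P, 9100, C, 1234, "A", 5001),
    (9.001, C, 1234, P, 9100, "S", 1000),
    (21.004, C, 1234, P, 9100, "S", 1000),
    (45.003, C, 1234, P, 9100, "S", 1000),
    (93.006, C, 1234, P, 9100, "S", 1000),
    (95.000, C, 1300, P, 9100, "S", 7000),   # separate attempt, answered once
    (95.001, P, 9100, C, 1300, "SA", 8000),
]

def syn_retransmissions(packets):
    """Map (src, sport, dst, dport, seq) -> sorted SYN times, for flows with >1 SYN."""
    flows = defaultdict(list)
    for t, src, sport, dst, dport, flags, seq in packets:
        if flags == "S":                      # SYN without ACK: a connection attempt
            flows[(src, sport, dst, dport, seq)].append(t)
    return {k: sorted(v) for k, v in flows.items() if len(v) > 1}

def is_exponential_backoff(gaps, tolerance=0.1):
    """True when every gap is roughly twice the one before it."""
    return len(gaps) >= 2 and all(
        a > 0 and abs(b / a - 2.0) <= 2.0 * tolerance for a, b in zip(gaps, gaps[1:]))

def syn_ack_seen(packets, flow):
    """True when the peer sent at least one SYN, ACK back on the reverse path."""
    src, sport, dst, dport, _ = flow
    return any(p[5] == "SA" and p[1:5] == (dst, dport, src, sport) for p in packets)

def report(packets):
    """One summary dict per connection attempt whose SYN was retransmitted."""
    out = []
    for flow, times in syn_retransmissions(packets).items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        out.append({"flow": flow, "retransmits": len(times) - 1, "gaps": gaps,
                    "backoff": is_exponential_backoff(gaps),
                    "syn_ack_seen": syn_ack_seen(packets, flow),
                    "total_wait": times[-1] - times[0]})
    return out

if __name__ == "__main__":
    for row in report(PACKETS):
        print(row)
```

A result with `backoff` true and `syn_ack_seen` true matches the pattern described in the message: the sender keeps retrying on its retransmission timer even though a reply was put on the wire.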