Networking – TCP Dup ACK/Retransmission, bad configuration

networking, tcp, wireshark

I'm currently investigating network issues of a friend's LAN (again). The Internet connectivity is very slow and unreliable and sometimes services simply don't work.

I've monitored the traffic for some time using Wireshark. I finally came up with a reproducible problem, a git pull over ssh that didn't work. Here is what the Wireshark log of the git pull looked like:

[Image: Wireshark log]

The TCP Retransmissions always start when the key exchange is initiated. Either the server isn't receiving the packet from my machine or my machine isn't receiving its answer. I have a feeling that the cause of this is also the cause of all other networking issues of the LAN.

One thing I came up with is the packet length of 1514, with the don't fragment bit set, of all bad packets here, but the LAN's router is configured for an MTU of 1492. I can't configure the router for an MTU larger than 1500. Could the packets be too large so they are stuck at the router?

Also, mostly secure connections (https, ssh) seem to be affected but those could always require larger packet sizes, too.

You see, I don't have a lot of experience with networking, so I hope some of you with more experience are able to make more sense of this.

Edit: Just now, the git pull is working fine again. The MTU configuration can't be the cause of the problems…

Best Answer

Large packets with "don't fragment" are normal. That's how the OS performs MTU discovery – instead of letting the network quietly fragment the packets, it expects an ICMP "Fragmentation required" error to be returned (which would have the correct MTU).

If you see the large packets getting retransmitted, it means some router in the middle is misconfigured and either blocks the ICMP error packets, or doesn't send them when needed.
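Added example, not part of the original answer: a small Python check that applies the reasoning above to raw IPv4 packets captured on the sending host. It flags full-size DF segments that are retransmitted without any ICMP "Fragmentation required" (type 3, code 4) coming back, and reads the next-hop MTU from that ICMP message when it does arrive. The packets, addresses (documentation ranges) and function names are constructed for illustration.

```python
import socket
import struct

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20", df=True):
    """Build a minimal IPv4 packet (constructed sample; checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                       0x4000 if df else 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp_segment(seq, data_len):
    """20-byte TCP header (PSH+ACK, port 22) followed by data_len zero bytes."""
    return struct.pack("!HHIIBBHHH", 50000, 22, seq, 0, 0x50, 0x18,
                       65535, 0, 0) + bytes(data_len)

def icmp_frag_needed(next_hop_mtu, original):
    """ICMP type 3 code 4 per RFC 1191: the next-hop MTU sits in bytes 6-7,
    followed by the offending packet's IP header plus 8 bytes."""
    return struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + original[:28]

def analyze(packets, link_mtu=1500):
    """Classify a list of raw IPv4 packets captured on the sending host."""
    seen, retransmitted, reported_mtu = set(), set(), None
    for p in packets:
        ihl = (p[0] & 0x0F) * 4
        total_len, _ident, flags = struct.unpack("!HHH", p[2:8])
        if p[9] == 1 and p[ihl] == 3 and p[ihl + 1] == 4:
            reported_mtu = struct.unpack("!H", p[ihl + 6:ihl + 8])[0]
        elif p[9] == 6 and flags & 0x4000 and total_len == link_mtu:
            seq = struct.unpack("!I", p[ihl + 4:ihl + 8])[0]
            (retransmitted if seq in seen else seen).add(seq)
    if reported_mtu is not None:
        return ("icmp-received", reported_mtu)   # path MTU discovery works
    if retransmitted:
        return ("suspected-blackhole", len(retransmitted))
    return ("no-evidence", 0)

# Constructed captures. A 1500-byte IP packet appears as a 1514-byte frame in
# Wireshark once the 14-byte Ethernet header is counted.
full = ipv4(6, tcp_segment(1000, 1460))
BLACKHOLE = [full, full, full]
WORKING = [full,
           ipv4(1, icmp_frag_needed(1492, full), src="203.0.113.1", dst="192.0.2.10"),
           ipv4(6, tcp_segment(1000, 1452))]

if __name__ == "__main__":
    print(analyze(BLACKHOLE))
    print(analyze(WORKING))
```

A "suspected-blackhole" verdict only says that no ICMP error reached the capture point; a capture taken on the router's WAN side is needed to tell whether the error was never sent or was filtered on the way back.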
