Dear Team, I am new to TCP analysis, i am seeing lots of retransmission , i am unable to understand how come there are so many retransmission if they are in same sub nett.Other node is Application side and i suspect while submitting packet on SMPP (using TCP as transport layer ) there window size is giving 46, is the same reason we are seeing retransmission ? I am confused please help. Link for trace file is:
Thanks in Advance...With Regards Avinash Jha This question is marked "community wiki". asked 01 Aug '12, 09:58  creative edited 01 Aug '12, 10:17  Kurt Knochner ♦ |
2 Answers:
I don't know how your capture setup looked like when you recorded this, but your trace has lots of duplicate packets which are showing up as false positives (retransmissions, duplicate acks). You need to deduplicate your trace before analyzing it. See my answer to a similar case here: http://ask.wireshark.org/questions/10369/too-many-lost-segments-dup-acks-and-retransmission answered 01 Aug '12, 10:27  Jasper ♦♦ |
Your system 10.10.6.6 just sends every single packet twice. Wireshark just shows that as DUP ACK and as Retransmission. One possible reason is a problem while capturing the packets. Maybe your sniffer on 10.10.6.6 (what did you use?) just captured (or wrote) every packet twice. To verify, capture at the other side as well and compare the capture files. Regards answered 01 Aug '12, 10:31 Kurt Knochner ♦ |
