This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Which device/setup could create duplicate tcp acks ?

Hello, I'm troubleshooting a network issue in our network environment. What I see is a high number (up to 400%) of duplicated TCP acknowledgements in our traffic. The timestamps of these packets are nearly equal. The percentage of regular TCP packets is really low (<1%). So the only duplicated packets are the TCP ACKs.

These are three packets I've captured:

415 7.506864 source-ip destination-ip TCP 66 [TCP Dup ACK 193#1] http > 9740 [ACK] Seq=1944 Ack=446 Win=65090 Len=0 TSval=989488 TSecr=1913040616

416 7.507888 source-ip destination-ip TCP 66 [TCP Dup ACK 242#1] http > 34887 [ACK] Seq=2515 Ack=411 Win=65125 Len=0 TSval=989488 TSecr=1913040616

417 7.508328 source-ip destination-ip TCP 66 [TCP Dup ACK 306#1] http > 47222 [ACK] Seq=9500 Ack=434 Win=65102 Len=0 TSval=989488 TSecr=1913040616

asked 31 May ‘13, 04:50

mn44

edited 31 May ‘13, 05:15

grahamb ♦

You can look at the MAC, IP ID, etc. to see if it's really a dup ACK. In our setup we have a Riverbed device where, when the server sends an ACK, the Riverbed forwards it again, so we identify it by looking at the MAC; it keeps changing, so it's normal behaviour.

(31 May ‘13, 05:07) kishan pandey
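
The MAC / IP ID comparison suggested in the comment above, as an added example that is not part of the original thread: it groups pure ACKs by flow, Seq and Ack, then uses the IP ID and source MAC to tell a datagram that was captured twice from an ACK the sender really repeated. The addresses, MACs, IP IDs and the fourth flow are constructed; the verdict labels and the rule that IP ID 0 is inconclusive are assumptions of this sketch.

```python
from collections import defaultdict

def pkt(frame, mac, ip_id, dport, seq, ack):
    # Keys mirror the tshark fields eth.src, ip.id, tcp.dstport, tcp.seq, tcp.ack
    return {"frame": frame, "eth_src": mac, "ip_id": ip_id,
            "flow": ("192.0.2.10", 80, "198.51.100.7", dport),
            "seq": seq, "ack": ack}

SERVER, MIDDLEBOX = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed MACs

# Constructed records, not taken from the capture in the question.
SAMPLE = [
    pkt(1, SERVER,    0x1A2B, 9740,  1944, 446),
    pkt(2, MIDDLEBOX, 0x1A2B, 9740,  1944, 446),  # same datagram, forwarded again
    pkt(3, SERVER,    0x2000, 34887, 2515, 411),
    pkt(4, SERVER,    0x2001, 34887, 2515, 411),  # sender emitted a second ACK
    pkt(5, SERVER,    0x3000, 47222, 9500, 434),
    pkt(6, SERVER,    0x3000, 47222, 9500, 434),  # identical copy at the capture point
    pkt(7, SERVER,    0,      50000, 100,  200),
    pkt(8, SERVER,    0,      50000, 100,  200),  # constant IP ID carries no signal
]

def compare(p, earlier):
    """Classify one repeated ACK against the earlier packets it repeats."""
    if p["ip_id"] == 0:
        return "inconclusive"            # cannot tell copies from resends
    same_id = [e for e in earlier if e["ip_id"] == p["ip_id"]]
    if not same_id:
        return "tcp-dup-ack"             # new IP datagram: sender repeated the ACK
    if any(e["eth_src"] != p["eth_src"] for e in same_id):
        return "same-datagram-other-hop" # one datagram seen before and after a device
    return "capture-duplicate"           # one datagram recorded twice (e.g. mirroring)

def classify_dup_acks(packets):
    """Return {frame: verdict} for every ACK that repeats an earlier one."""
    seen = defaultdict(list)             # (flow, seq, ack) -> earlier packets
    verdicts = {}
    for p in packets:
        earlier = seen[(p["flow"], p["seq"], p["ack"])]
        if earlier:
            verdicts[p["frame"]] = compare(p, earlier)
        earlier.append(p)
    return verdicts

if __name__ == "__main__":
    for frame, verdict in classify_dup_acks(SAMPLE).items():
        print(frame, verdict)
```

Only the `tcp-dup-ack` verdicts reflect TCP behaviour worth chasing; the other two point at where and how the capture was taken.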