How when analyzing a wireshark capture can it be determined that duplicate ACKs are a result of loss or missing packets versus delay ? asked 02 Jul '13, 06:04  George Ciampo |
One Answer:
Usually by looking at the time it took for the packet that was requested by Duplicate ACK to finally arrive. You need to consider the round trip time and ask yourself "could the sender have known that the packet was lost when it was sent"? E.g. if you see a packet coming in as a "retransmission" within 3 ms after the receiver started dup acking for it and the RTT is 100ms you can be pretty sure that it is just an out out order arrival and thus the duplicate acks a result of delay. answered 02 Jul '13, 07:25  Jasper ♦♦ |
