I have used version 1.10.1 to capture a 900 mbyte trace file. The trace file is a download of a resultant data set from a Netezza Data Warehouse query. I have run Wireshark Expert Infos against it and the Notes have recorded 128 Duplicate ACK's run a total of 25938 times. Does this indicate a heavily congested network between the laptop and the Server? I am using a 1 Gbit Netgear Switch with port mirroring off a 100 mbyte LAN. I am attaching the output. asked 02 Sep '13, 15:04  Zoberist |
One Answer:
"the Notes have recorded 128 Duplicate ACK's run a total of 25938 times." The "Notes:128 (25938)" indicate that you have 25938 packets with 128 different types of a 'Note' - most of which are duplicate ACKS. As a Duplicate ACK combined with the duplicate ACK # is treated as a unique event when in fact it is just an indication of an out-of-order arrival at the receiver, this number is kind of misleading. If you have a large windowsize offered by a receiver and a packet early in the window was dropped or delayed you'll see a dupack with increasing numbers, all reporting the same missing packet. The third dup ack (1095) seen at the sender will will trigger a fast retransmission (956). Putting this in perspective: Receiving a 900MB file with only 412 'suspected Retransmissions' doesn't look like a high number to me. answered 02 Sep '13, 22:06  mrEEde edited 02 Sep '13, 22:19 |
Thank you very much !!!!