This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to understand “TCP ACKed lost segment” sign

0

I did an iperf test between two virtual machines on the same hardware computer. There are a lot of "TCP ACKed lost segment" segments displayed. What does this message mean? For example, host A & B

  1. A sends sequence 1000 (1 byte) to B
  2. B acked 1001 with "TCP ACKed lost segment" sign

Does it mean that B actually did get the sequence byte 1000 from the perspective of the TCP stack, but Wireshark didn't capture the sequence 1000 byte? But if Wireshark didn't see the packet, how does it know that B's TCP stack has got the sequence 1000?

asked 13 Sep '13, 00:08

SteveZhou

One Answer:

2

Yes, B got the packet with sequence 1000 and 1 byte, and sent an acknowledge number 1001. Wireshark did not see the packet with sequence 1000, but it saw the acknowledge of 1001. So it marks that acknowledge as "B confirmed it got sequence 1000 with 1 byte, but I didn't see that one".

answered 13 Sep '13, 00:15

Jasper ♦♦

Thank you, Jasper, for your confirmation. Do you know why we explicitly develop this expert sign to highlight such segments? What does this sign try to tell us, I mean the network analyst?

(13 Sep '13, 01:43) SteveZhou

This message (or "sign" as you call it) is very helpful, because it tells you that the packet with sequence 1000 was not lost between client and server. The capture process was just not quick enough to record it into the trace. Without the message you might suspect packet loss between client and server, while there wasn't.

(13 Sep '13, 02:18) Jasper ♦♦

I got you. Thanks a lot!

(13 Sep '13, 02:50) SteveZhou
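
A simplified model of the check described in the answer, as an added example that is not part of the original thread and is not Wireshark's own code: track the highest sequence number captured in each direction and flag any ACK that goes beyond it. The `Seg` record, the `find_acked_unseen` function and the sample capture are constructed for illustration.

```python
from collections import namedtuple

# Constructed segment record: src/dst endpoint names, TCP seq, payload length,
# ack number (None when the ACK flag is not set), and SYN/FIN flags.
Seg = namedtuple("Seg", "src dst seq length ack syn fin", defaults=(None, False, False))

def seq_gt(a, b):
    """True if 32-bit sequence number a is after b (handles wraparound)."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def find_acked_unseen(segments):
    """Return indexes of segments whose ACK covers data missing from the capture."""
    next_seq = {}   # (src, dst) -> highest seq + len captured in that direction
    flagged = []
    for i, s in enumerate(segments):
        fwd, rev = (s.src, s.dst), (s.dst, s.src)
        # The ACK confirms bytes the peer sent. If it is beyond everything we
        # captured from the peer, the receiver got a segment the capture missed.
        if s.ack is not None and rev in next_seq and seq_gt(s.ack, next_seq[rev]):
            flagged.append(i)
            next_seq[rev] = s.ack   # resync so later ACKs are not flagged again
        # SYN and FIN each consume one sequence number, like a payload byte.
        end = (s.seq + s.length + s.syn + s.fin) & 0xFFFFFFFF
        if fwd not in next_seq or seq_gt(end, next_seq[fwd]):
            next_seq[fwd] = end
    return flagged

# Constructed capture: the 1-byte segment with sequence 1000 from A is missing.
CAPTURE = [
    Seg("A", "B", seq=999, length=1, ack=500),   # A sends byte 999, next is 1000
    Seg("B", "A", seq=500, length=0, ack=1000),  # ACK 1000 matches captured data
    # (A -> B, seq=1000, length=1) reached B but was never captured
    Seg("B", "A", seq=500, length=0, ack=1001),  # ACK 1001 is beyond captured data
    Seg("A", "B", seq=1001, length=1, ack=500),  # A continues normally
    Seg("B", "A", seq=500, length=0, ack=1002),  # matches captured data again
]

if __name__ == "__main__":
    for i in find_acked_unseen(CAPTURE):
        print(f"segment {i}: ACK {CAPTURE[i].ack} covers data not in the capture")
```
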