Did some search but couldn't find a good answer about the tcp dup ack. The server sent data on frame 4, immediately after that on frame 5, server sends a [TCP Dup ACK], the difference is between frame 4 and 5 is the seq number, what is the purpose of this ack from server? The detail view of the attachment is from frame4. thanks a lot for any response.link text asked 12 Dec '13, 10:25  czhang |
One Answer:
Ok, here's my one 'idea' The trace was taken after the original packet has been GRE-tunneled, so the sequence of packets is not necessarily what was actually sent by the server. If packet #5 was actually sent before #4 and was passed by #4 on its way to the trace capture point you end up seeing what you see - which doesn't make much sense to me either. You might want to look at the ip.id in the inner packets to verify the original sequence at the sender - or take a trace directly at the server (outside the GRE tunnel). answered 13 Dec '13, 22:27  mrEEde |
anyone has any idea? appreciate it.