Hi everyone, i am tracing some packets in wireshark and i have this problem that i found a packet that is an ack packet as the LEN = 0 and the only flag set is ack flag = 1, now usually while tracing i open an ack packet and in the TCP i select [Seq/Ack analysis] which tells me which packet this ack is for , now i did not find this [seq/ack analysis] and so i don't know what packet it is acknowledging even i tried to find the packet manually by calculating (seq no. + len) but i did not find it ...any help ?
asked 03 Jun '15, 04:12
edited 03 Jun '15, 04:21
Your approach doesn't work when TCP Segmentation Offload is enabled. At a trace at the sender you see (too) large segments are leaving the host and acknowledgements are arriving that acknowledge bytes in the middle of the sent segment.
answered 03 Jun '15, 22:05