Hi everyone, I'm struggling with TCP analysis from my home lan network. I tried to understand which TCP version is implemented in my OS (Windows 8.1 in two computers) and how it's working. I generated 7 TCP streams to get retransmissions. I think that my TCP version is TCP SACK. First of all, I got first retransmission because of the timeout elapsed (probably). Picture Next, I got duplicated ACK(1) and in this segment I got information about SLE = 1595113 and SRE = 1596573. SLE is a seq number of first TCP retransmission. Did I get information that retransmission was correct ? This duplicated ACK(1) occured because there was one or more segments lost. After that I got another retransmission but not connected with that lost segment. Why I did not get retransmission connected with that loose ? Finally, I got another duplicated ACK and there was not any reaction for that. Could anybody tell me if I am thinking on the right way ? Cheers ! asked 19 Jun '15, 04:37  kub4ss |
One Answer:
Do I understnad you correct, that you are wondering about the DUP ACK of FRAME 10824? It is D-SACK for Frame 10456. But also it has the same SEQ und ACK number as the ACK 10638, but with the additional D-SACK options, so Wireshark interpreted it as a DUP ACK. (Maybe this could irritated you.) There has been a quite similar thread here: TCP SACK in capture shows range of previous segments instead of subsequent answered 22 Jun '15, 12:36  Christian_R |
Your questions aren't clear, probably due to the lack of a capture file.
Can you share a capture in a publicly accessible spot, e.g. CloudShark, Google Drive, Dropbox?
Also your picture link doesn't seem to show anything useful and then traps my browser in some AliExpress hell.
Here is a capture file: link
@kub4ss: I converted your answer to a comment, as that's how this Q&A site works. Please read the FAQ!