I'm struggling with TCP analysis from my home lan network. I tried to understand which TCP version is implemented in my OS (Windows 8.1 in two computers) and how it's working. I generated 7 TCP streams to get retransmissions. I think that my TCP version is TCP SACK.
First of all, I got first retransmission because of the timeout elapsed (probably). Picture Next, I got duplicated ACK(1) and in this segment I got information about SLE = 1595113 and SRE = 1596573. SLE is a seq number of first TCP retransmission. Did I get information that retransmission was correct ?
This duplicated ACK(1) occured because there was one or more segments lost. After that I got another retransmission but not connected with that lost segment. Why I did not get retransmission connected with that loose ?
Finally, I got another duplicated ACK and there was not any reaction for that.
Could anybody tell me if I am thinking on the right way ?
asked 19 Jun '15, 04:37
Do I understnad you correct, that you are wondering about the DUP ACK of FRAME 10824? It is D-SACK for Frame 10456. But also it has the same SEQ und ACK number as the ACK 10638, but with the additional D-SACK options, so Wireshark interpreted it as a DUP ACK. (Maybe this could irritated you.)
There has been a quite similar thread here: TCP SACK in capture shows range of previous segments instead of subsequent
answered 22 Jun '15, 12:36