Hi i was capturing packets with wireshark and i traced some of the packets and i came upon very weird packet and it happened more than once, this packet (Not in the 3-way handshake) has no data and it has Len=0 and it's [ACK] BUT IT IS NOT ACKNOWLEDGING ANY PACKETS ! Usually in an ack packet in the TCP, in the options and in the [SEQ/ACK analysis] i have information that this is an ack packet to the segment x in frame number xx ...now i don't even have [SEQ/ACK analysis] in this weird packet .. so what packet is this i don't get it !
This is a link to the whole pcap file on dropbox ->
asked 23 Jun '15, 08:26
edited 24 Jun '15, 05:27
If the ACK number is pointing into the middle of a previous segment it may be due to tcp segmentation offload being enabled.
Your trace shows that the tcp.len on outbound packets exceeds the MSS, an indication that TCP Segmentation Offload is enabled. The client acknowledges 7240 bytes (5 segments a 1448 bytes) that it received - after the ethernet cards segmented them to fit on the ethernet.
answered 23 Jun '15, 08:47
edited 24 Jun '15, 07:49