This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Weird TCP packets: not data, not ACK!

0

Hi, I was capturing packets with Wireshark and I traced some of the packets and I came upon a very weird packet, and it happened more than once. This packet (not in the 3-way handshake) has no data, it has Len=0 and it's [ACK], BUT IT IS NOT ACKNOWLEDGING ANY PACKETS! Usually in an ACK packet in TCP, in the options and in the [SEQ/ACK analysis], I have information that this is an ACK packet to the segment x in frame number xx... Now I don't even have [SEQ/ACK analysis] in this weird packet, so what packet is this? I don't get it!

This is a link to the whole pcap file on dropbox ->
https://www.dropbox.com/s/18zhiqlvlili349/new.pcap?dl=0

asked 23 Jun '15, 08:26


yas1234

edited 24 Jun '15, 05:27

Can you share a capture in a publicly accessible spot, e.g. CloudShark, Google Drive, Dropbox?

(23 Jun '15, 08:42) Christian_R

Hi Christian, I added the whole file in Dropbox, please check it and try to help me out!

(24 Jun '15, 05:28) yas1234

One Answer:

1

If the ACK number is pointing into the middle of a previous segment, it may be due to TCP segmentation offload being enabled.

Your trace shows that the tcp.len on outbound packets exceeds the MSS, an indication that TCP Segmentation Offload is enabled. The client acknowledges 7240 bytes (5 segments of 1448 bytes each) that it received - after the Ethernet cards segmented them to fit on the Ethernet.


answered 23 Jun '15, 08:47


mrEEde

edited 24 Jun '15, 07:49

I voted, because you were right even yesterday. (Yesterday we had no trace.)

(24 Jun '15, 08:58) Christian_R
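The check described in the answer above (captured TCP payload larger than the MSS the receiver advertised), written out as an added example that is not part of the original thread. The addresses, ports and the MSS of 1460 are constructed sample values, and `parse_ipv4_tcp`, `find_oversized` and `build` are hypothetical helper names; only the 7240-byte and 1448-byte sizes come from the answer.

```python
import struct

def parse_ipv4_tcp(pkt):
    """Return (src, dst, flags, payload_len, mss) for one raw IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    # Some TSO captures record IP total length 0; fall back to the captured size.
    total = struct.unpack("!H", pkt[2:4])[0] or len(pkt)
    tcp = pkt[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff, flags = (tcp[12] >> 4) * 4, tcp[13]
    mss, opts, i = None, tcp[20:doff], 0
    while i < len(opts) and opts[i] != 0:         # kind 0 = end of option list
        if opts[i] == 1:                          # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2: # malformed option, stop
            break
        if opts[i] == 2 and opts[i + 1] == 4:     # kind 2 = MSS
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return (pkt[12:16], sport), (pkt[16:20], dport), flags, total - ihl - doff, mss

def find_oversized(packets):
    """List (packet_no, payload_len, mss) where payload exceeds the receiver's MSS."""
    advertised, hits = {}, []
    for n, pkt in enumerate(packets, 1):
        src, dst, flags, plen, mss = parse_ipv4_tcp(pkt)
        if flags & 0x02 and mss is not None:      # SYN or SYN/ACK carries the MSS
            advertised[src] = mss
        limit = advertised.get(dst)
        if limit is not None and plen > limit:
            hits.append((n, plen, limit))
    return hits

def build(src, dst, sport, dport, flags, payload_len, mss=None):
    """Construct a minimal IPv4/TCP packet (checksums left 0) for the sample."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss else b""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                      (5 + len(opts) // 4) << 4, flags, 65535, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + payload_len,
                     0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return ip + tcp + bytes(payload_len)

C, S = (10, 0, 0, 2), (10, 0, 0, 1)               # constructed client/server
SAMPLE = [build(C, S, 50000, 80, 0x02, 0, mss=1460),  # SYN
          build(S, C, 80, 50000, 0x12, 0, mss=1460),  # SYN/ACK
          build(S, C, 80, 50000, 0x18, 7240),         # 5 x 1448 in one frame
          build(C, S, 50000, 80, 0x10, 0),            # bare ACK
          build(S, C, 80, 50000, 0x18, 1448)]         # wire-size segment
print(find_oversized(SAMPLE))
```

A hit means the capture point sits above the NIC on the sending host, so the frame numbers and lengths in the trace do not match what the peer actually received and acknowledged.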