This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

[SYN,ACK] is out of order in a normal TCP connection

0

Hi,

I have captured TCP packet handshake in my nodes, the TCP handshake look very strange, I called A is the sender and B is the receiver

A->B  SYN
B->A  SYN,ACK
A->B  ACK

then it's strange that A continues send a duplicated ACK, then B sends to A an TCP out of order of packet [SYN,ACK]

A->B TCP DUP ACK #1
B->A TCP Out-of-order [SYN,ACK]
A->B TCP DUP ACK #2
A->B TCP DUP ACK #3

Could you please let me know how [SYN,ACK] can be out-of-order and why A sends TCP dup ACK 3 times in this case?

Thanks a lot, Brs Naruto

asked 16 Oct '17, 03:06

naruto's gravatar image

naruto
11113
accept rate: 0%

One Answer:

0

I'd say you have problems with the ACKs from A not getting through to B. I guess the picture at node B looks like this:

alt text

You should capture at B to verify if packets are lost.

answered 16 Oct '17, 03:48

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 16 Oct '17, 06:07

Hi Jasper,

Thanks for your feedback but in my case the TCP DUP ACK is of the last ACK frame of handshake step. I mean it is the duplicate of the last ACK send from A, not the ACK in [SYN,ACK]

(16 Oct '17, 04:21) naruto

of course. The handshake ACK from A never arrives at B, which it why it retransmits SYN/ACK. I updated my answer with a drawing.

(16 Oct '17, 05:55) Jasper ♦♦