Reputation: 67
I am wondering how, in detail, a program like Wireshark detects duplicates from retransmission in a TCP stream. I've looked at the RFCs regarding TCP but haven't quite been able to figure out how it works. I'd very much appreciate a clear explanation.
An example situation that confused me was the following:
*C: 1227 + len = 1687
C: 1847+ len = 2299
S: ACK 2299
*C: 2299+len = 2751
*C: 2751+len = 3203
S: ACK 2751
Where the * indicates packets with duplicate payloads. How do Wireshark and/or TCP function to detect and discard the duplicates?
Upvotes: 4
Views: 354
Reputation: 41
According to the book "Troubleshooting with Wireshark", Wireshark defines a packet as a Retransmission if the following conditions are met:
The segment contains data or has the SYN or FIN bits set to 1.
The segment does not advance the sequence number.
The Retransmission is not triggered by Duplicate ACKs.
The segment arrives > 3 ms later than the previous packet with a higher sequence number.
You can see the picture below to make it clear.
Upvotes: 0
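The four conditions quoted in the answer above can be applied to a capture as a small classifier. This is an added example, not Wireshark's code and not part of the original posts; the `Pkt` record, the trace, the duplicate-ACK threshold of 2 and the use of "time of the segment that last advanced the sequence number" as the 3 ms reference point are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet record (not a Wireshark structure): capture time in seconds,
# sender, receiver, sequence number, payload length, ACK number, SYN/FIN flag.
Pkt = namedtuple("Pkt", "t src dst seq length ack synfin", defaults=(0, 0, 0, False))

def classify(packets, ooo_window=0.003, dupack_threshold=2):
    """Label each packet using the four conditions quoted in the answer."""
    next_seq, high_t = {}, {}    # per sender: next expected seq, time it was set
    last_ack, dup_acks = {}, {}  # per ACK sender: last ACK value, duplicate count
    labels = []
    for p in packets:
        if p.length == 0 and not p.synfin:         # condition 1 fails: pure ACK
            if last_ack.get(p.src) == p.ack:
                dup_acks[p.src] += 1
            else:
                last_ack[p.src], dup_acks[p.src] = p.ack, 0
            labels.append("ack")
        elif p.seq >= next_seq.get(p.src, p.seq):  # advances the sequence number
            next_seq[p.src] = p.seq + p.length + (1 if p.synfin else 0)
            high_t[p.src] = p.t
            labels.append("new")
        elif dup_acks.get(p.dst, 0) >= dupack_threshold and last_ack[p.dst] == p.seq:
            labels.append("fast retransmission")   # condition 3: dup-ACK triggered
        elif p.t - high_t[p.src] > ooo_window:     # condition 4: more than 3 ms late
            labels.append("retransmission")
        else:
            labels.append("out-of-order")          # old seq, but within 3 ms
    return labels

# Constructed trace: C sends 452-byte segments, S acknowledges.
TRACE = [
    Pkt(0.0000, "C", "S", 1000, 452), Pkt(0.0010, "C", "S", 1452, 452),
    Pkt(0.0020, "C", "S", 1904, 452), Pkt(0.0025, "S", "C", ack=1452),
    Pkt(0.2500, "C", "S", 1452, 452),   # resent after a timeout
    Pkt(0.2510, "S", "C", ack=2356),
    Pkt(0.2520, "C", "S", 2808, 452),   # arrives before the segment preceding it
    Pkt(0.2525, "C", "S", 2356, 452),   # 0.5 ms behind a higher sequence number
    Pkt(0.3000, "C", "S", 3260, 452), Pkt(0.3010, "C", "S", 3712, 452),
    Pkt(0.3100, "S", "C", ack=3260), Pkt(0.3110, "S", "C", ack=3260),
    Pkt(0.3120, "S", "C", ack=3260),    # second duplicate ACK for 3260
    Pkt(0.3200, "C", "S", 3260, 452),   # resent in response to duplicate ACKs
]

if __name__ == "__main__":
    for p, label in zip(TRACE, classify(TRACE)):
        print(f"{p.t:.4f} {p.src}->{p.dst} seq={p.seq} len={p.length} ack={p.ack}: {label}")
```

A receiving TCP stack discards such duplicates on the same basis: bytes whose sequence numbers fall below what it has already received are acknowledged again but not delivered a second time.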