Not sure if I understood your question completely. I assume that you want to know how you can distinguish duplicate packets from retransmissions in your capture.

A retransmission should be flagged as "TCP Retransmission" in the info column in Wireshark. It has the same SEQ and ACK values as the lost packet, but a different IP ID (ip.id) in the IP header.

Duplicate packets should be flagged as "TCP Spurious Retransmission" or "TCP Out-of-Order" in the info column. They have the same SEQ and ACK values as the original packet, and also the same IP ID (ip.id).

You can remove the duplicated packets from your capture file with "editcap.exe -d".
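The SEQ/ACK/IP ID comparison described in the answer above can be scripted over exported tshark fields. This is an added example, not part of the original answer; the `classify` function, the "ambiguous" label for segments whose IP ID is 0 on both copies, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample rows, in the shape produced by:
#   tshark -r capture.pcap -T fields -e frame.number -e ip.src -e ip.dst \
#     -e tcp.srcport -e tcp.dstport -e tcp.seq -e tcp.ack -e tcp.len -e ip.id
SAMPLE = (
    "1\t10.0.0.1\t10.0.0.2\t50000\t443\t1\t1\t100\t0x1a01\n"
    "2\t10.0.0.1\t10.0.0.2\t50000\t443\t1\t1\t100\t0x1a01\n"    # same IP ID as frame 1
    "3\t10.0.0.1\t10.0.0.2\t50000\t443\t101\t1\t100\t0x1a02\n"
    "4\t10.0.0.2\t10.0.0.1\t443\t50000\t1\t101\t0\t0x7f10\n"    # pure ACK
    "5\t10.0.0.1\t10.0.0.2\t50000\t443\t101\t1\t100\t0x1a05\n"  # new IP ID vs frame 3
    "6\t10.0.0.2\t10.0.0.1\t443\t50000\t1\t101\t0\t0x7f11\n"    # pure ACK
    "7\t10.0.0.3\t10.0.0.2\t50001\t443\t1\t1\t50\t0x0000\n"
    "8\t10.0.0.3\t10.0.0.2\t50001\t443\t1\t1\t50\t0x0000\n"     # IP ID 0 on both copies
)

def classify(tshark_fields):
    """Return {frame: (label, first_frame)} for every repeated data segment."""
    first_seen = {}  # (flow, seq, ack, len) -> (frame, ip_id) of the first sighting
    result = {}
    for row in csv.reader(io.StringIO(tshark_fields), delimiter="\t"):
        if len(row) != 9 or not all(row):
            continue  # non-TCP, IPv6 (no ip.id) or malformed line
        frame, src, dst, sport, dport, seq, ack, length, ip_id = row
        if int(length) == 0:
            continue  # pure ACKs legitimately repeat SEQ/ACK; only data segments count
        key = (src, dst, sport, dport, seq, ack, length)
        ident = int(ip_id, 16)
        if key not in first_seen:
            first_seen[key] = (int(frame), ident)
            continue
        first_frame, first_id = first_seen[key]
        if ident != first_id:
            label = "retransmission"  # sender emitted a new IP datagram
        elif ident == 0:
            label = "ambiguous"       # assumption: ID 0 on both copies decides nothing
        else:
            label = "duplicate"       # same datagram captured twice
        result[int(frame)] = (label, first_frame)
    return result

if __name__ == "__main__":
    for frame, (label, first) in sorted(classify(SAMPLE).items()):
        print(f"frame {frame}: {label} of frame {first}")
```
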