 | 1 | initial version |
You can remove most of the duplicate packets with editcap -d or -D option. You can verify if the packet is duplicate with the IP identification numbers. If they are the same, then it duplicates. There is packet loss in both directions. More from 10.10.10.1 to 192.168.0.1 direction.
An example with this filter (TCP relative sequence is turned off) tcp.seq==2271806588 || tcp.ack==2271806588 || tcp.options.sack_re==2271806588
Series of events
10.10.10.1 sent the TCP sequence 2271806588
192.168.0.1 complains about it didn't receive 2271806588 in the TCP SACK
192.168.0.1 starts send duplicate ACKs
10.10.10.1 resends the TCP sequence 2271806588
192.168.0.1 stops complaining because it received 2271806588
| | 2 | No.2 Revision |
You can remove most of the duplicate packets with editcap -d or -D option. There are still some duplicates, but not impossible to analyze. You can verify if the packet is duplicate with the IP identification numbers. If they are the same, then it duplicates. There is packet loss in both directions. More from 10.10.10.1 to 192.168.0.1 direction.
An example with this filter (TCP relative sequence is turned off) tcp.seq==2271806588 || tcp.ack==2271806588 || tcp.options.sack_re==2271806588
Series of events
10.10.10.1 sent the TCP sequence 2271806588
192.168.0.1 complains about it didn't receive 2271806588 in the TCP SACK
192.168.0.1 starts send duplicate ACKs
10.10.10.1 resends the TCP sequence 2271806588
192.168.0.1 stops complaining because it received 2271806588
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
