 | 1 | initial version |
Wireshark marks a packet as a spurious retransmission when it sees a TCP segment that falls within already acknowledged data. As you say you do not see retransmissions on the client side, the data was only sent once. So the only explanation is that somehow the capture setup on the server side records the outgoing ACK before it records the incoming TCP data segment that generated that ACK.
Did you take a look at the timestamps? if the timestamp of the ACK is higher than the timestamp of the TCP data segment, then at least the packets were seen in the correct order, they just were recorded in another order on the file. I've seen this happening when using a passive TAP which outputs each direction to a separate capture interface. You can fix this by running reordercap on the file (included in the Wireshark installation).
