Retransmitted packet breaks TCP sequence

edit

Size of packet is not a factor when determining if it is a retransmission:
https://www.wireshark.org/docs/wsug_h...

https://code.wireshark.org/review/git...

 /* If there were >=2 duplicate ACKs in the reverse direction
  * (there might be duplicate acks missing from the trace)
  * and if this sequence number matches those ACKs
  * and if the packet occurs within 20ms of the last
  * duplicate ack
  * then this is a fast retransmission
  */

Frame 31 contains three pieces of TLS data, the first which matches the data in frame 20.

Right. There were 3 data segments sent:

• Frame 20: 75 bytes
• Frame 27: 78 bytes
• Frame 29: 129 bytes Total: 75 + 78 + 129 = 282

The receiver is still ACK'ing 2050 (relative seq #), so the sender sends all 282 bytes starting from seq=2050, although I'm not sure why all 282 bytes need to be sent considering the receiver has sent the SACK 2125-2203 option in Frame 28 indicating that it only needs the 75 bytes from 2050 through 2124. So are SACK's causing the problem? We don't have the TCP 3-way handshake to know whether SACK's are even permitted or not.

Yes, SACKs are enabled at both endpoints. Will try to upload the whole conversation shortly.

If the problem is repeatable, you could try disabling SACKs, just to see if that makes any difference.