
detecting duplication and retransmission

asked 2020-06-25 10:24:42 +0000

salwa1215

How can we distinguish duplication from transmission in TCP, please? I understand that the retransmission is done after not receiving the ACK flag and the duplication is done after receiving the packet two times, but I want to know what we have to check in Wireshark to understand it. For duplication, the packet is sent with how many SEQ numbers and how many ACKs, please?


1 Answer


answered 2020-06-26 14:55:09 +0000

JasMan

Not sure if I understood your question completely. I assume that you want to know how you can distinguish duplicate packets from retransmissions in your capture.

A retransmission should be flagged as "TCP Retransmission" in the info column in Wireshark. It has the same SEQ and ACK values as the lost packet, but a different IP ID in the IP header.

Duplicate packets should be flagged as "TCP Spurious Retransmission" or "TCP Out-of-Order" in the info column. They have the same SEQ and ACK values as the original packet, and also the same IP ID.

You can remove the duplicated packets from your capture file with "editcap.exe -d"

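The rule from the answer above (same SEQ and ACK with a different IP ID is a retransmission, with the same IP ID a duplicate), applied to exported packet fields. This is an added example, not part of the original answer; the export layout, the file name `capture.pcap`, the sample rows and the `classify` function are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of tab-separated field output, as produced by e.g.:
#   tshark -r capture.pcap -Y tcp -T fields -e frame.number -e ip.src -e ip.dst \
#     -e tcp.srcport -e tcp.dstport -e ip.id -e tcp.seq -e tcp.ack -e tcp.len
# (capture.pcap is a hypothetical file name)
SAMPLE = (
    "1\t10.0.0.5\t10.0.0.9\t51000\t443\t0x1a2b\t1\t1\t100\n"
    "2\t10.0.0.5\t10.0.0.9\t51000\t443\t0x1a2c\t101\t1\t100\n"
    "3\t10.0.0.5\t10.0.0.9\t51000\t443\t0x1a2c\t101\t1\t100\n"  # same IP ID as 2
    "4\t10.0.0.9\t10.0.0.5\t443\t51000\t0x77f0\t1\t201\t0\n"    # pure ACK
    "5\t10.0.0.5\t10.0.0.9\t51000\t443\t0x1a2d\t201\t1\t100\n"
    "6\t10.0.0.5\t10.0.0.9\t51000\t443\t0x1a2e\t301\t1\t100\n"
    "7\t10.0.0.9\t10.0.0.5\t443\t51000\t0x77f1\t1\t201\t0\n"    # duplicate ACK
    "8\t10.0.0.5\t10.0.0.9\t51000\t443\t0x1a2f\t201\t1\t100\n"  # new IP ID, seq of 5
)


def classify(tshark_fields):
    """Return {frame_number: label} for data segments that repeat an
    earlier segment's flow, SEQ, ACK and length."""
    seen = defaultdict(set)  # (flow, seq, ack, len) -> IP IDs already observed
    labels = {}
    for line in tshark_fields.strip().splitlines():
        frame, src, dst, sport, dport, ip_id, seq, ack, length = line.split("\t")
        # Skip packets without an IPv4 ID, and zero-length segments: pure ACKs
        # legitimately repeat SEQ/ACK (added assumption, not from the answer).
        if not ip_id or int(length) == 0:
            continue
        ids = seen[(src, dst, sport, dport, seq, ack, length)]
        if ip_id in ids:
            labels[int(frame)] = "duplicate"        # same SEQ/ACK, same IP ID
        elif ids:
            labels[int(frame)] = "retransmission"   # same SEQ/ACK, new IP ID
        ids.add(ip_id)
    return labels


if __name__ == "__main__":
    for frame, label in sorted(classify(SAMPLE).items()):
        print(f"frame {frame}: {label}")
```

The comparison only applies to IPv4, because the IPv6 header has no identification field.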



Asked: 2020-06-25 10:24:42 +0000

Seen: 35 times

Last updated: Jun 26