More than 2 full TCP packets without ACK and large MTU
Hi, Please refer to the attached pcapng file. It's an excerpt of a 1 GB PCAPNG.
It captures part of transfer of a 1GB FTP (port 21) transfer. I got two questions:
Q1) Packet # 16 through 22 were transferred without any acknowledgement. Each of those packets was more than TCP full size (1460). How is that possible?
Q2) Frame size of each of the above packets is more than the MTU size (1500). How is it possible?
Regards.
It's not reasonable to expect people to download a 1.3 GB file and try to load it into Wireshark in order to tell you what's happening with seven packets. Cut the capture file down to a more reasonable size. To save packets 700 to 900, for example, you could enter a display filter of "frame.number > 699 && frame.number < 901". You can then go to File > Export Specified Packets to save off only the displayed packets.
THANKS Jim, I just now reduced the file size following your advice