Seeing retransmissions and Wireshark DUP ACKs even though data is not corrupted or lost between endpoints

asked 2023-01-20 20:15:48 +0000

sm

I am using Wireshark to analyze TCP packets (originally USB packets from Total Phase that get converted into pcapng for Wireshark). There is currently a script that converts the Total Phase .csv export into a pcapng that is opened with Wireshark. Wireshark is currently showing retransmissions, DUP ACKs and out-of-order packets, and I am noticing that some packets that are transmitted around the same time as the DUP ACKs and before the retransmission are never acknowledged (ACK number doesn't update with it).

However, when I open up the file that was sent from Server to Client and compare with the original, both have the same data. I'm just not quite sure why Wireshark is displaying these (a guess would be an error in the script that converts the csv to pcapng), but perhaps there's a Wireshark-related reason behind this?

I'm currently investigating the cause behind these retransmissions. Would changing from two Linux devices to one have an effect on this?
