Extra byte in received data after TCP Retransmission
I'm hoping someone can help me anaylyze this trace. In the received socket stream there seems to be an extra byte (00) of data.
https://www.cloudshark.org/captures/5...
As best I can tell what is happening is that in packet 5 the receiver sent a zero window message, followed by a window update in #6 saying room was available.
The sender then sent one data byte (00) in packet 7 with Seq=4141. I don't see any ACK for that packet, then 50 milliseconds later the sender retries (packet 8) this time with 1380 bytes beginning at Seq 4141 again.
Packet #8 begins with the same 00 byte that was sent in packet 7. Because this is a retry at 4141 I would not expect both of those 00 bytes to end up in the socket stream of the receiver. Only one of them should have.
When I follow the TCP stream using wireshark, it shows two 00 bytes in the stream when I would expect only one. (See screenshot attached).
The receiver then sends an ACK for 5521 with SLE=4141 SRE=4142. This is what I don't fully understand.
This PCAP was captured on the 172.20.37.233 machine.
Also, when looking at the same PCAP file under an older wireshark version 2.0.5, the follow TCP stream does not show the extra 00 byte; even though the packets are identical (obviously since its the same PCAP file). At this point I am questioning whether or not the extra 00 actually made it into the socket or not.