Many "Bad TCP" packets.

asked 2019-02-16 01:03:32 +0000

Is it normal to have that many Dup ACKs, Out-Of-Orders, etc. Please take a look at my capture file -

Please provide public access to the race, because now it demands log-in to be viewed.

Packet_vlad ( 2019-02-17 14:26:11 +0000 )

Thanks, fixed that.

bidenkoanton ( 2019-02-17 14:47:55 +0000 )

answered 2019-02-17 18:48:04 +0000

It depends on capture setup, link type, the path data is flowing etc.

TCP Dup ACKs are part of normal TCP loss recovery mechanism. You should pay close attention to them if you have performance problems.

TCP out-of-orders can be a sign of not optimal capture setup or equal cost multipath on the network.

In your trace I do not see much influence from these packets on transfer speed (look at the delta time column).

Capture setup is default, my internet access is over optical fiber (provider - Dup ACKs mean that there is a packet loss, right? But when i ping sites i get almost zero loss (i leave pinging overnight and get 2-3 packets lost out of 30000).

bidenkoanton ( 2019-02-17 23:35:05 +0000 )

Keep in mind that ICMP pinging is absolutely different in its nature than TCP file transfer.

When you ping a site:

  • you don't stress the connection by fully utilizing it;
  • ICMP packets are processed by different routines inside routers.

In addition to that TCP is built in a such a way it is constantly probing for available bandwidth, generally speaking by sending packets faster than a path can handle and then rolling back (this is what "TCP congestion control Collateral damage" is about).

Packet_vlad ( 2019-02-18 08:36:09 +0000 )

OK, thanks for your answers Vlad! Дякую;)

bidenkoanton ( 2019-02-19 20:58:23 +0000 )

Asked: 2019-02-16 01:03:32 +0000

