Please explain this TCP Retransmission Sequence

Hi All,

I hope I am doing the right thing asking this here. I'm new to all this.

Below is an extract from a pcapng file. I can't attach the file because I don't have enough points. I have googled and googled but I am not a network guy and I am having trouble understanding what Wireshark is trying to tell me.

This sequence below repeats over and over. It should just be a big message from .200 to .182 with a 1 byte response, and then a short message from .182 to .200 with a 1 byte response. Is every message in each direction really getting re-transmitted, and are the TCP Dup ACKs and TCP Keep-Alives a problem?

Sorry for the formatting. Happy to re-post in another way if it helps.

Edit: the capture is hosted on CloudShark here: https://www.cloudshark.org/captures/5a69217c68cf

Thanks in advance, Brad.

1   14:58:25.934858 10.10.10.200    10.10.10.182    TCP 53740 → scp-config(10001) [PSH, ACK] Seq=1 Ack=1 Win=63198 Len=1005 1059

2   14:58:25.934860 10.10.10.200    10.10.10.182    TCP [TCP Retransmission] 53740 → scp-config(10001) [PSH, ACK] Seq=1 Ack=1 Win=63198 Len=1005    1059

3   14:58:25.968185 10.10.10.182    10.10.10.200    TCP scp-config(10001) → 53740 [ACK] Seq=1 Ack=1006 Win=2048 Len=0   60

4   14:58:25.968186 10.10.10.182    10.10.10.200    TCP [TCP Dup ACK 3#1] scp-config(10001) → 53740 [ACK] Seq=1 Ack=1006 Win=2048 Len=0 60

5   14:58:26.024675 10.10.10.182    10.10.10.200    TCP scp-config(10001) → 53740 [PSH, ACK] Seq=1 Ack=1006 Win=2048 Len=1  60

6   14:58:26.024676 10.10.10.182    10.10.10.200    TCP [TCP Keep-Alive] scp-config(10001) → 53740 [PSH, ACK] Seq=1 Ack=1006 Win=2048 Len=1 60

7   14:58:26.074496 10.10.10.200    10.10.10.182    TCP 53740 → scp-config(10001) [ACK] Seq=1006 Ack=2 Win=63197 Len=0  60

8   14:58:26.074497 10.10.10.200    10.10.10.182    TCP [TCP Keep-Alive ACK] 53740 → scp-config(10001) [ACK] Seq=1006 Ack=2 Win=63197 Len=0 60

9   14:58:26.120072 10.10.10.182    10.10.10.200    FMTP    Operational message 89

10  14:58:26.120074 10.10.10.182    10.10.10.200    TCP [TCP Retransmission] scp-config(10001) → 53740 [PSH, ACK] Seq=2 Ack=1006 Win=2048 Len=35    89

11  14:58:26.120075 10.10.10.200    10.10.10.182    TCP 53740 → scp-config(10001) [PSH, ACK] Seq=1006 Ack=37 Win=63162 Len=1    60

12  14:58:26.120075 10.10.10.200    10.10.10.182    TCP [TCP Keep-Alive] 53740 → scp-config(10001) [PSH, ACK] Seq=1006 Ack=37 Win=63162 Len=1   60
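
A check that can be run on the packet list above (an added example, not part of the original post): it pairs adjacent frames whose addresses, flags, Seq, Ack, Win, Len and frame length are all identical and reports the time gap between them, which shows whether a flagged frame follows its twin by microseconds or by the much longer delay a retransmission timer would produce. The function names and the 5 µs default threshold are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed input: the twelve packet-list lines from the post, whitespace collapsed.
CAPTURE = """\
1 14:58:25.934858 10.10.10.200 10.10.10.182 TCP 53740 → scp-config(10001) [PSH, ACK] Seq=1 Ack=1 Win=63198 Len=1005 1059
2 14:58:25.934860 10.10.10.200 10.10.10.182 TCP [TCP Retransmission] 53740 → scp-config(10001) [PSH, ACK] Seq=1 Ack=1 Win=63198 Len=1005 1059
3 14:58:25.968185 10.10.10.182 10.10.10.200 TCP scp-config(10001) → 53740 [ACK] Seq=1 Ack=1006 Win=2048 Len=0 60
4 14:58:25.968186 10.10.10.182 10.10.10.200 TCP [TCP Dup ACK 3#1] scp-config(10001) → 53740 [ACK] Seq=1 Ack=1006 Win=2048 Len=0 60
5 14:58:26.024675 10.10.10.182 10.10.10.200 TCP scp-config(10001) → 53740 [PSH, ACK] Seq=1 Ack=1006 Win=2048 Len=1 60
6 14:58:26.024676 10.10.10.182 10.10.10.200 TCP [TCP Keep-Alive] scp-config(10001) → 53740 [PSH, ACK] Seq=1 Ack=1006 Win=2048 Len=1 60
7 14:58:26.074496 10.10.10.200 10.10.10.182 TCP 53740 → scp-config(10001) [ACK] Seq=1006 Ack=2 Win=63197 Len=0 60
8 14:58:26.074497 10.10.10.200 10.10.10.182 TCP [TCP Keep-Alive ACK] 53740 → scp-config(10001) [ACK] Seq=1006 Ack=2 Win=63197 Len=0 60
9 14:58:26.120072 10.10.10.182 10.10.10.200 FMTP Operational message 89
10 14:58:26.120074 10.10.10.182 10.10.10.200 TCP [TCP Retransmission] scp-config(10001) → 53740 [PSH, ACK] Seq=2 Ack=1006 Win=2048 Len=35 89
11 14:58:26.120075 10.10.10.200 10.10.10.182 TCP 53740 → scp-config(10001) [PSH, ACK] Seq=1006 Ack=37 Win=63162 Len=1 60
12 14:58:26.120075 10.10.10.200 10.10.10.182 TCP [TCP Keep-Alive] 53740 → scp-config(10001) [PSH, ACK] Seq=1006 Ack=37 Win=63162 Len=1 60
"""

TCP_RE = re.compile(r"\[([A-Z, ]+)\] Seq=(\d+) Ack=(\d+) Win=(\d+) Len=(\d+)")
NOTE_RE = re.compile(r"\[(TCP [^\]]+)\]")  # Wireshark's analysis label, if any

def parse(line):
    no, ts, src, dst, proto, rest = line.split(None, 5)
    info, frame_len = rest.rsplit(None, 1)  # last column is the frame length
    tcp, note = TCP_RE.search(info), NOTE_RE.search(info)
    return {
        "no": int(no),
        "time": datetime.strptime(ts, "%H:%M:%S.%f"),
        # Everything that must match for two frames to be the same segment;
        # None when the Info column has no TCP summary (frame 9, decoded as FMTP).
        "key": (src, dst, int(frame_len)) + tcp.groups() if tcp else None,
        "note": note.group(1) if note else None,
    }

def duplicate_pairs(text, max_gap_us=5):
    """Adjacent identical frames no more than max_gap_us apart: (first, second, gap_us, note)."""
    frames = [parse(l) for l in text.splitlines() if l.strip()]
    pairs = []
    for a, b in zip(frames, frames[1:]):
        gap_us = (b["time"] - a["time"]) // timedelta(microseconds=1)
        if a["key"] and a["key"] == b["key"] and 0 <= gap_us <= max_gap_us:
            pairs.append((a["no"], b["no"], gap_us, b["note"]))
    return pairs

if __name__ == "__main__":
    for first, second, gap_us, note in duplicate_pairs(CAPTURE):
        print(f"frame {second} repeats frame {first} after {gap_us} us, flagged [{note}]")
```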