This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

acked unseen segment

0

what last packet is marked as it is? Is it ok?

1.1.1.1        2.2.2.2                             TCP      74     49538?443 [SYN] Seq=0 Win=8192 Len=0 MSS=1420 WS=4 SACK_PERM=1 TSval=149611 TSecr=0            
2.2.2.2           1.1.1.1                          TCP      74     443?49538 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 TSval=979974123 TSecr=149611            
1.1.1.1        2.2.2.2                             TCP      66     49538?443 [ACK] Seq=1 Ack=1 Win=66176 Len=0 TSval=149613 TSecr=979974123            
1.1.1.1        2.2.2.2                             SSL      285    [Packet size limited during capture]                                       
2.2.2.2           1.1.1.1                          SSL      1474   [Packet size limited during capture]                                       
2.2.2.2           1.1.1.1                          SSL      1474   Continuation Data[Packet size limited during capture]                      
1.1.1.1        2.2.2.2                             TCP      66     49538?443 [ACK] Seq=220 Ack=2817 Win=66176 Len=0 TSval=149616 TSecr=979974126            
2.2.2.2           1.1.1.1                          TCP      409    443?49538 [PSH, ACK] Seq=2817 Ack=220 Win=66048 Len=343 TSval=979974128 TSecr=149616[Packet size limited during capture]            
1.1.1.1        2.2.2.2                             TCP      66     49538?443 [ACK] Seq=220 Ack=3160 Win=65832 Len=0 TSval=149637 TSecr=979974128            
1.1.1.1        2.2.2.2                             TCP      66     49538?443 [FIN, ACK] Seq=220 Ack=3160 Win=65832 Len=0 TSval=149674 TSecr=979974128            
2.2.2.2           1.1.1.1                          TCP      60     443?49538 [RST, ACK] Seq=3160 Ack=221 Win=0 Len=0                        
1.1.1.1        2.2.2.2                             TCP      60     [TCP ACKed unseen segment] 49538?443 [RST, ACK] Seq=221 Ack=3161 Win=0 Len=0            

asked 23 Sep '15, 03:37

Dragec's gravatar image

Dragec
6112
accept rate: 0%

edited 23 Sep '15, 04:01

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237


One Answer:

1

It just means that the receiver acknowledged a packet that you did not capture. So your capture device wasn't fast enough to capture all packets, but the real communication worked fine.

answered 23 Sep '15, 03:40

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

problem is that it is highly unlikely that any packet is lost. So I'd like to know what are the other possible answers. Mybe firewall somehow messed communication? Or WS does not interpret something correctlly?

(23 Sep '15, 03:43) Dragec
1

The packet was not lost. You just did not capture it. But you captured the acknowledgement for it, so Wireshark tells you that there was something that wasn't captured but not lost.

Your firewall is fine, Wireshark is fine. Your capture device is too slow.

(23 Sep '15, 03:45) Jasper ♦♦