I'm hoping someone can help me anaylyze this trace. In the received socket stream there seems to be an extra byte (00) of data.
https://www.cloudshark.org/captures/54bf0d1ab500
As best I can tell what is happening is that in packet 5 the receiver sent a zero window message, followed by a window update in #6 saying room was available.
The sender then sent one data byte (00) in packet 7 with Seq=4141. I don't see any ACK for that packet, then 5 milliseconds later the sender retries (packet 8) this time with 1380 bytes beginning at Seq 4141 again.
Packet #8 begins with the same 00 byte that was sent in packet 7. Because this is a retry at 4141 I would not expect both of those 00 bytes to end up in the socket stream of the receiver. Only one of them should have.
When I follow the TCP stream using wireshark, it shows two 00 bytes in the stream when I would expect only one. (See screenshot attached).
The receiver then sends an ACK for 5521 with SLE=4141 SRE=4142. This is what I don't fully understand.
This PCAP was captured on the 172.20.37.233 machine.