Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2017-11-24 18:13:36 +0000

ecm99 gravatar image

Extra byte in received data after TCP Retransmission

I'm hoping someone can help me anaylyze this trace. In the received socket stream there seems to be an extra byte (00) of data.

https://www.cloudshark.org/captures/54bf0d1ab500

As best I can tell what is happening is that in packet 5 the receiver sent a zero window message, followed by a window update in #6 saying room was available.

The sender then sent one data byte (00) in packet 7 with Seq=4141. I don't see any ACK for that packet, then 5 milliseconds later the sender retries (packet 8) this time with 1380 bytes beginning at Seq 4141 again.
Packet #8 begins with the same 00 byte that was sent in packet 7. Because this is a retry at 4141 I would not expect both of those 00 bytes to end up in the socket stream of the receiver. Only one of them should have.

When I follow the TCP stream using wireshark, it shows two 00 bytes in the stream when I would expect only one. (See screenshot attached).

image description

The receiver then sends an ACK for 5521 with SLE=4141 SRE=4142. This is what I don't fully understand.

This PCAP was captured on the 172.20.37.233 machine.

Extra byte in received data after TCP Retransmission

I'm hoping someone can help me anaylyze this trace. In the received socket stream there seems to be an extra byte (00) of data.

https://www.cloudshark.org/captures/54bf0d1ab500

As best I can tell what is happening is that in packet 5 the receiver sent a zero window message, followed by a window update in #6 saying room was available.

The sender then sent one data byte (00) in packet 7 with Seq=4141. I don't see any ACK for that packet, then 5 milliseconds later the sender retries (packet 8) this time with 1380 bytes beginning at Seq 4141 again.
Packet #8 begins with the same 00 byte that was sent in packet 7. Because this is a retry at 4141 I would not expect both of those 00 bytes to end up in the socket stream of the receiver. Only one of them should have.

When I follow the TCP stream using wireshark, it shows two 00 bytes in the stream when I would expect only one. (See screenshot attached).

image description

The receiver then sends an ACK for 5521 with SLE=4141 SRE=4142. This is what I don't fully understand.

This PCAP was captured on the 172.20.37.233 machine.

image description

Extra byte in received data after TCP Retransmission

I'm hoping someone can help me anaylyze this trace. In the received socket stream there seems to be an extra byte (00) of data.

https://www.cloudshark.org/captures/54bf0d1ab500

As best I can tell what is happening is that in packet 5 the receiver sent a zero window message, followed by a window update in #6 saying room was available.

The sender then sent one data byte (00) in packet 7 with Seq=4141. I don't see any ACK for that packet, then 5 50 milliseconds later the sender retries (packet 8) this time with 1380 bytes beginning at Seq 4141 again.
Packet #8 begins with the same 00 byte that was sent in packet 7. Because this is a retry at 4141 I would not expect both of those 00 bytes to end up in the socket stream of the receiver. Only one of them should have.

When I follow the TCP stream using wireshark, it shows two 00 bytes in the stream when I would expect only one. (See screenshot attached).

image description

The receiver then sends an ACK for 5521 with SLE=4141 SRE=4142. This is what I don't fully understand.

This PCAP was captured on the 172.20.37.233 machine.

image description

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2