0

I am trying to get some clarification on something I read here:

how to calculate packet loss from a binary TCPDUMP file

The first answer says that the sequence number will be the same from client to server, and from server to client the ack would be the same, and this would tell you which side is doing the retransmit. However, when I get output such as this:

10:58:15.317823 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040385, ack 56380, win 32768, length 117
10:58:15.317841 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040385:3040470, ack 56380, win 32768, length 85
10:58:15.550090 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
10:58:15.811131 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
10:58:16.133386 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202

In this example, the first 2 lines have different sequence numbers and the same ack, but it's a packet from the client to the server, so which side is doing the retransmit here?

In the last 3 lines both the sequence numbers and the acks are the same, so how do you know which side is retransmitting the packet? Note that in this example 1.2.3.4 is the client and 5.6.7.8 is the server.

user53029

1 Answer

2

These are retransmits from the client to the server. Here's what's happening:

  • The client sends 2 segments. One with 117 bytes and one with 85 bytes (pkts 1 and 2)
  • The client waits for an acknowledgement from the server which never comes
  • After about 200ms, the client's retransmit timer expires so it uses repacketization and combines both the previous segments into one segment of 202 bytes (pkt 3)
  • The client resets its retransmit timer which expires since no ACK is received so it retransmits again (pkt 4)
  • The client increases the timer, waits again, the timer expires, and it retransmits again (pkt 5)

We know these are retransmits from the client because all the packets are from the client to the server. We know they are retransmits because the sequence number is the same, i.e. it's sending the same data over and over.

karyhead
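
The reasoning in the answer above, as an added example that is not part of the original answer: a small Python parser for tcpdump text output that tracks sequence ranges per direction and flags any data segment that overlaps bytes already sent, which also catches the repacketized 202-byte segment. The function name, the record fields and the final pure-ACK line are assumptions made for illustration.

```python
import re

# tcpdump text line for a TCP segment that carries data (has "seq start:end").
# Assumption: sequence numbers do not wrap around within the capture.
SEG = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\], "
    r"seq (?P<start>\d+):(?P<end>\d+),.*length (?P<len>\d+)"
)

def find_retransmits(lines):
    """Return one record per data segment that re-sends bytes already seen.

    Each direction (src -> dst) is tracked on its own, because sequence
    numbers belong to the sender. A segment whose start is below the highest
    end already seen in that direction overlaps earlier data, so merged
    (repacketized) retransmits are flagged as well as exact repeats.
    """
    highest_end = {}   # (src, dst) -> highest sequence end seen so far
    found = []
    for line in lines:
        m = SEG.match(line.strip())
        if not m or int(m["len"]) == 0:
            continue   # pure ACKs and unparsed lines carry no data to re-send
        flow = (m["src"], m["dst"])
        start, end = int(m["start"]), int(m["end"])
        seen = highest_end.get(flow)
        if seen is not None and start < seen:
            found.append({"ts": m["ts"], "sender": m["src"], "seq": (start, end),
                          "resent_bytes": min(end, seen) - start})
        highest_end[flow] = max(end, seen or 0)
    return found

# The five lines from the question, followed by one constructed pure ACK
# from the server (hypothetical, added only to show that it is ignored).
CAPTURE = """\
10:58:15.317823 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040385, ack 56380, win 32768, length 117
10:58:15.317841 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040385:3040470, ack 56380, win 32768, length 85
10:58:15.550090 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
10:58:15.811131 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
10:58:16.133386 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
10:58:16.200000 IP 5.6.7.8.443 > 1.2.3.4.50245: Flags [.], ack 3040470, win 1024, length 0
""".splitlines()

if __name__ == "__main__":
    for r in find_retransmits(CAPTURE):
        print(r["ts"], r["sender"], "re-sent", r["resent_bytes"], "bytes, seq", r["seq"])
```

Segments that merely arrive out of order at the capture point are flagged by the same overlap test, so confirm against the timestamps before counting them as loss.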