Ethereal-dev: Re: [Ethereal-dev] False [TCP Dup ACK] indicators

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Thu, 2 Dec 2004 21:03:10 +1100
Yes, it is likely that a normal windows update might be mistaken as a dup ack.

It is semi-trivial to fix, do you have a capture file to share to test
and verify the fix with?




On Wed, 1 Dec 2004 19:37:29 -0500, Donnie Hale
<lists-ethereal@xxxxxxxxxxxxxx> wrote:
> In reviewing some captures today, Ethereal reported some packets as [TCP Dup
> ACK ...]. When I see that, I generally think there's some kind of loss in
> the environment. However, in looking more closely at the frames, we were
> able to determine that these weren't indicators of loss but instead of the
> receive window being opened after previously being shrunk. As I understand
> it, this is legal TCP behavior - resending a just-sent ACK with a different
> window size to indicate that the receiver's window readiness has changed.
> 
> Ethereal wasn't the only tool that saw things that way, though tcptrace
> seems to have understood what these packets were.
> 
> Assuming our interpretation is correct, would there be a way to improve
> Ethereal's handling of those kind of packets so that they don't look on the
> surface like loss indicators?
> 
> Thanks,
> 
> Donnie
> 
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>