Ethereal-users: [Ethereal-users] When Does Ethereal Call a TCP Retransmit a TCP Out-of-Order?
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Robinson, Eric R." <erobinson@xxxxxxxxxxxxxxx>
Date: Fri, 23 Apr 2004 14:56:23 -0700
In the following short TCP connection, frames 8 and 10 look the same to me.
As far as I am aware, frame 10 should be classified as a TCP Retransmit, but
Ethereal called it a TCP Out-of-Order. Can someone help me understand why?
Frame 4 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: 00:0b:db:45:bd:4e, Dst: 00:04:dc:46:e5:c1
Destination: 00:04:dc:46:e5:c1 (NortelNe_46:e5:c1)
Source: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.136.4.130 (10.136.4.130), Dst Addr: 2.2.2.2
(2.2.2.2)
Transmission Control Protocol, Src Port: 3148 (3148), Dst Port: 9100 (9100),
Seq: 0, Ack: 0, Len: 0
Source port: 3148 (3148)
Destination port: 9100 (9100)
Sequence number: 0
Header length: 28 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 64240
Checksum: 0x2fd3 (correct)
Options: (8 bytes)
Frame 5 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: 00:0b:46:e4:8c:81, Dst: 00:0b:db:45:bd:4e
Destination: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Source: 00:0b:46:e4:8c:81 (Cisco_e4:8c:81)
Type: IP (0x0800)
Internet Protocol, Src Addr: 2.2.2.2 (2.2.2.2), Dst Addr: 10.136.4.130
(10.136.4.130)
Transmission Control Protocol, Src Port: 9100 (9100), Dst Port: 3148 (3148),
Seq: 0, Ack: 1, Len: 0
Source port: 9100 (9100)
Destination port: 3148 (3148)
Sequence number: 0
Acknowledgement number: 1
Header length: 28 bytes
Flags: 0x0012 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xd273 (correct)
Options: (8 bytes)
SEQ/ACK analysis
Frame 6 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:0b:db:45:bd:4e, Dst: 00:04:dc:46:e5:c1
Destination: 00:04:dc:46:e5:c1 (NortelNe_46:e5:c1)
Source: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.136.4.130 (10.136.4.130), Dst Addr: 2.2.2.2
(2.2.2.2)
Transmission Control Protocol, Src Port: 3148 (3148), Dst Port: 9100 (9100),
Seq: 1, Ack: 1, Len: 0
Source port: 3148 (3148)
Destination port: 9100 (9100)
Sequence number: 1
Acknowledgement number: 1
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64860
Checksum: 0xae7c (incorrect, should be 0x018b)
SEQ/ACK analysis
Frame 7 (505 bytes on wire, 505 bytes captured)
Ethernet II, Src: 00:0b:db:45:bd:4e, Dst: 00:04:dc:46:e5:c1
Destination: 00:04:dc:46:e5:c1 (NortelNe_46:e5:c1)
Source: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.136.4.130 (10.136.4.130), Dst Addr: 2.2.2.2
(2.2.2.2)
Transmission Control Protocol, Src Port: 3148 (3148), Dst Port: 9100 (9100),
Seq: 1, Ack: 1, Len: 451
Source port: 3148 (3148)
Destination port: 9100 (9100)
Sequence number: 1
Next sequence number: 452
Acknowledgement number: 1
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64860
Checksum: 0xdc64 (correct)
Data (451 bytes)
0000 50 4f 53 54 20 2f 73 65 72 76 6c 65 74 2f 6f 72 POST /servlet/or
0010 61 63 6c 65 2e 66 6f 72 6d 73 2e 73 65 72 76 6c acle.forms.servl
0020 65 74 2e 4c 69 73 74 65 6e 65 72 53 65 72 76 6c et.ListenerServl
0030 65 74 20 48 54 54 50 2f 31 2e 31 0d 0a 41 63 63 et HTTP/1.1..Acc
0040 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e ept-Language: en
0050 0d 0a 53 65 73 73 69 64 3a 20 2d 31 0d 0a 43 6f ..Sessid: -1..Co
0060 6e 74 65 6e 74 2d 74 79 70 65 3a 20 61 70 70 6c ntent-type: appl
0070 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f ication/x-www-fo
0080 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 0d 0a 41 rm-urlencoded..A
0090 63 63 65 70 74 3a 20 74 65 78 74 2f 68 74 6d 6c ccept: text/html
00a0 2c 20 69 6d 61 67 65 2f 67 69 66 2c 20 69 6d 61 , image/gif, ima
00b0 67 65 2f 6a 70 65 67 2c 20 2a 3b 20 71 3d 2e 32 ge/jpeg, *; q=.2
00c0 2c 20 2a 2f 2a 3b 20 71 3d 2e 32 0d 0a 55 73 65 , */*; q=.2..Use
00d0 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 r-Agent: Mozilla
00e0 2f 34 2e 30 20 28 63 6f 6d 70 61 74 69 62 6c 65 /4.0 (compatible
00f0 3b 20 4d 53 49 45 20 36 2e 30 3b 20 57 69 6e 33 ; MSIE 6.0; Win3
0100 32 29 0d 0a 48 6f 73 74 3a 20 31 33 38 2e 36 39 2)..Host: 138.69
0110 2e 32 31 2e 31 39 3a 39 31 30 30 0d 0a 43 6f 6e .21.19:9100..Con
0120 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 38 0d 0a tent-Length: 8..
0130 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 Connection: Keep
0140 2d 41 6c 69 76 65 0d 0a 43 61 63 68 65 2d 43 6f -Alive..Cache-Co
0150 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d ntrol: no-cache.
0160 0a 43 6f 6f 6b 69 65 3a 20 4a 53 65 72 76 53 65 .Cookie: JServSe
0170 73 73 69 6f 6e 49 64 72 6f 6f 74 3d 6c 6e 36 6f ssionIdroot=ln6o
0180 6c 75 78 62 71 31 2e 71 36 76 53 6e 36 6a 51 63 luxbq1.q6vSn6jQc
0190 6b 7a 76 71 4d 54 76 6d 52 62 4b 6f 37 75 49 6d kzvqMTvmRbKo7uIm
01a0 51 58 48 63 41 4c 4a 6d 51 35 47 6f 36 58 4e 72 QXHcALJmQ5Go6XNr
01b0 33 43 4c 61 33 69 4f 0d 0a 0d 0a 77 92 f4 36 5b 3CLa3iO....w..6[
01c0 f1 fe fb ...
Frame 8 (368 bytes on wire, 368 bytes captured)
Ethernet II, Src: 00:0b:46:e4:8c:81, Dst: 00:0b:db:45:bd:4e
Destination: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Source: 00:0b:46:e4:8c:81 (Cisco_e4:8c:81)
Type: IP (0x0800)
Internet Protocol, Src Addr: 2.2.2.2 (2.2.2.2), Dst Addr: 10.136.4.130
(10.136.4.130)
Transmission Control Protocol, Src Port: 9100 (9100), Dst Port: 3148 (3148),
Seq: 1, Ack: 452, Len: 314
Source port: 9100 (9100)
Destination port: 3148 (3148)
Sequence number: 1
Next sequence number: 315
Acknowledgement number: 452
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65084
Checksum: 0x7324 (correct)
SEQ/ACK analysis
Data (314 bytes)
0000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1 200 OK.
0010 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 39 20 41 .Date: Mon, 19 A
0020 70 72 20 32 30 30 34 20 32 32 3a 30 38 3a 32 39 pr 2004 22:08:29
0030 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 4f 72 GMT..Server: Or
0040 61 63 6c 65 20 48 54 54 50 20 53 65 72 76 65 72 acle HTTP Server
0050 20 50 6f 77 65 72 65 64 20 62 79 20 41 70 61 63 Powered by Apac
0060 68 65 2f 31 2e 33 2e 31 39 20 28 57 69 6e 33 32 he/1.3.19 (Win32
0070 29 20 6d 6f 64 5f 73 73 6c 2f 32 2e 38 2e 31 20 ) mod_ssl/2.8.1
0080 4f 70 65 6e 53 53 4c 2f 30 2e 39 2e 35 61 20 6d OpenSSL/0.9.5a m
0090 6f 64 5f 66 61 73 74 63 67 69 2f 32 2e 32 2e 31 od_fastcgi/2.2.1
00a0 30 20 6d 6f 64 5f 6f 70 72 6f 63 6d 67 72 2f 31 0 mod_oprocmgr/1
00b0 2e 30 20 6d 6f 64 5f 70 65 72 6c 2f 31 2e 32 35 .0 mod_perl/1.25
00c0 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 ..Content-Length
00d0 3a 20 32 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a : 2..Keep-Alive:
00e0 20 74 69 6d 65 6f 75 74 3d 31 35 2c 20 6d 61 78 timeout=15, max
00f0 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e =100..Connection
0100 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f : Keep-Alive..Co
0110 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c ntent-Type: appl
0120 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 ication/octet-st
0130 72 65 61 6d 0d 0a 0d 0a b0 0c ream......
Frame 9 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:0b:db:45:bd:4e, Dst: 00:04:dc:46:e5:c1
Destination: 00:04:dc:46:e5:c1 (NortelNe_46:e5:c1)
Source: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.136.4.130 (10.136.4.130), Dst Addr: 2.2.2.2
(2.2.2.2)
Transmission Control Protocol, Src Port: 3148 (3148), Dst Port: 9100 (9100),
Seq: 452, Ack: 315, Len: 0
Source port: 3148 (3148)
Destination port: 9100 (9100)
Sequence number: 452
Acknowledgement number: 315
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64546
Checksum: 0xae7c (incorrect, should be 0xffc7)
SEQ/ACK analysis
Frame 10 (368 bytes on wire, 368 bytes captured)
Ethernet II, Src: 00:0b:46:e4:8c:81, Dst: 00:0b:db:45:bd:4e
Destination: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Source: 00:0b:46:e4:8c:81 (Cisco_e4:8c:81)
Type: IP (0x0800)
Internet Protocol, Src Addr: 2.2.2.2 (2.2.2.2), Dst Addr: 10.136.4.130
(10.136.4.130)
Transmission Control Protocol, Src Port: 9100 (9100), Dst Port: 3148 (3148),
Seq: 1, Ack: 452, Len: 314
Source port: 9100 (9100)
Destination port: 3148 (3148)
Sequence number: 1
Next sequence number: 315
Acknowledgement number: 452
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65084
Checksum: 0x7324 (correct)
SEQ/ACK analysis
Data (314 bytes)
0000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1 200 OK.
0010 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 31 39 20 41 .Date: Mon, 19 A
0020 70 72 20 32 30 30 34 20 32 32 3a 30 38 3a 32 39 pr 2004 22:08:29
0030 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 4f 72 GMT..Server: Or
0040 61 63 6c 65 20 48 54 54 50 20 53 65 72 76 65 72 acle HTTP Server
0050 20 50 6f 77 65 72 65 64 20 62 79 20 41 70 61 63 Powered by Apac
0060 68 65 2f 31 2e 33 2e 31 39 20 28 57 69 6e 33 32 he/1.3.19 (Win32
0070 29 20 6d 6f 64 5f 73 73 6c 2f 32 2e 38 2e 31 20 ) mod_ssl/2.8.1
0080 4f 70 65 6e 53 53 4c 2f 30 2e 39 2e 35 61 20 6d OpenSSL/0.9.5a m
0090 6f 64 5f 66 61 73 74 63 67 69 2f 32 2e 32 2e 31 od_fastcgi/2.2.1
00a0 30 20 6d 6f 64 5f 6f 70 72 6f 63 6d 67 72 2f 31 0 mod_oprocmgr/1
00b0 2e 30 20 6d 6f 64 5f 70 65 72 6c 2f 31 2e 32 35 .0 mod_perl/1.25
00c0 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 ..Content-Length
00d0 3a 20 32 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a : 2..Keep-Alive:
00e0 20 74 69 6d 65 6f 75 74 3d 31 35 2c 20 6d 61 78 timeout=15, max
00f0 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e =100..Connection
0100 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f : Keep-Alive..Co
0110 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c ntent-Type: appl
0120 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 ication/octet-st
0130 72 65 61 6d 0d 0a 0d 0a b0 0c ream......
Frame 11 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:0b:db:45:bd:4e, Dst: 00:04:dc:46:e5:c1
Destination: 00:04:dc:46:e5:c1 (NortelNe_46:e5:c1)
Source: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.136.4.130 (10.136.4.130), Dst Addr: 2.2.2.2
(2.2.2.2)
Transmission Control Protocol, Src Port: 3148 (3148), Dst Port: 9100 (9100),
Seq: 452, Ack: 315, Len: 0
Source port: 3148 (3148)
Destination port: 9100 (9100)
Sequence number: 452
Acknowledgement number: 315
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64546
Checksum: 0xffc7 (correct)
SEQ/ACK analysis
Frame 12 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0b:46:e4:8c:81, Dst: 00:0b:db:45:bd:4e
Destination: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Source: 00:0b:46:e4:8c:81 (Cisco_e4:8c:81)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src Addr: 2.2.2.2 (2.2.2.2), Dst Addr: 10.136.4.130
(10.136.4.130)
Transmission Control Protocol, Src Port: 9100 (9100), Dst Port: 3148 (3148),
Seq: 315, Ack: 452, Len: 0
Source port: 9100 (9100)
Destination port: 3148 (3148)
Sequence number: 315
Acknowledgement number: 452
Header length: 20 bytes
Flags: 0x0011 (FIN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Window size: 65084
Checksum: 0xfdac (correct)
Frame 13 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:0b:db:45:bd:4e, Dst: 00:04:dc:46:e5:c1
Destination: 00:04:dc:46:e5:c1 (NortelNe_46:e5:c1)
Source: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.136.4.130 (10.136.4.130), Dst Addr: 2.2.2.2
(2.2.2.2)
Transmission Control Protocol, Src Port: 3148 (3148), Dst Port: 9100 (9100),
Seq: 452, Ack: 316, Len: 0
Source port: 3148 (3148)
Destination port: 9100 (9100)
Sequence number: 452
Acknowledgement number: 316
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64546
Checksum: 0xffc6 (correct)
SEQ/ACK analysis
Frame 14 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:0b:db:45:bd:4e, Dst: 00:04:dc:46:e5:c1
Destination: 00:04:dc:46:e5:c1 (NortelNe_46:e5:c1)
Source: 00:0b:db:45:bd:4e (DellEsgP_45:bd:4e)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.136.4.130 (10.136.4.130), Dst Addr: 2.2.2.2
(2.2.2.2)
Transmission Control Protocol, Src Port: 3148 (3148), Dst Port: 9100 (9100),
Seq: 452, Ack: 316, Len: 0
Source port: 3148 (3148)
Destination port: 9100 (9100)
Sequence number: 452
Header length: 20 bytes
Flags: 0x0004 (RST)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0xfbf5 (correct)
SEQ/ACK analysis
- Follow-Ups:
- Re: [Ethereal-users] When Does Ethereal Call a TCP Retransmit a TCPOut-of-Order?
- From: Ronnie Sahlberg
- Re: [Ethereal-users] When Does Ethereal Call a TCP Retransmit a TCPOut-of-Order?
- Prev by Date: Re: [Ethereal-users] Ethereal and GZIP
- Next by Date: Re: [Ethereal-users] Ethereal and GZIP
- Previous by thread: RE: [Ethereal-users] Ethereal and GZIP
- Next by thread: Re: [Ethereal-users] When Does Ethereal Call a TCP Retransmit a TCPOut-of-Order?
- Index(es):