Wireshark-users: Re: [Wireshark-users] Dup ACK #1

From: vincent paul <amoteluro@xxxxxxxxx>
Date: Tue, 30 Mar 2010 21:58:05 -0700 (PDT)
Hi All ,
 
I looked at two traces captured at user's side: one going thru proxy and one bypassing proxy and observed a lot of Dup ACK #1.  Both traces are  traffic of HTTP download's file from server.  I have the following observations and could not find any explanation
 
1)Traffic going thru proxy:  User always sent double ACKs (one ACK(len=0) and  its Dup ACK #1(len=0) immediately). No Dup ACK problem from server side
 
2)Traffic bypassing proxy: server, most of the time, sent out double ACK (ACK(len>0) and its Dup ACK #1 (len=0)) with a time period.  This means:
 
Server---> user: seq=1000 Ack=210 len= 1460
Server----> user (dup Ack #1) seq=2460, Ack =210 len=0
.
.
.
Normal TCP data transfer from server for a while(kind of frequency) , then Server sends out double Acks again.
But there were also some time intervals, the data transfer from server looked normal without any double Acks from server
 
In this case, no Dup Ack problem from user's side.
 
I appreciate your help very much.
 
regards,
PV