Wireshark-users: Re: [Wireshark-users] SACK_PERM=1

From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 17 Jul 2012 00:20:53 +0200
On 16 jul 2012, at 22:30, Derrenbacker, L. Jonathan wrote:

I’m doing a packet capture of a web app not authenticating correctly and I see some TCP packets with the “SACK_PERM=1” option set.
Can anyone explain what that option does.


There are some problems with SACK on certain devices. One example is a Cisco ASA with Initial Sequence Numbering enabled. It does not translate the sequence numbers in the SACK TCP option (at least with some version of the ASA SW, maybe with recent versions it does work). What you would see in that case is an endless loop of retransmissions of the wrong segment(s).

In itself the SACK_PERM=1 should not be related to your authentication problems.

Cheers,
Sake