Re: DUP ACK from the sender

From: Bit Gossip (bit.gossip@chello.nl)
Date: Thu Mar 19 2009 - 05:21:00 ART

• Next message: Nadeem Ansari: "Re: Passed my Lab on Mar 17"
• Previous message: Ali El Moussaoui: "Re: BGP unequal load balancing"
• Maybe in reply to: Bit Gossip: "DUP ACK from the sender"
• Next in thread: shiran guez: "Re: DUP ACK from the sender"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Shiran,
this is true but doesn't change the behavior that the sender is sending
DUP ACK of the ACKs of the receiver.
This is what puzzles me and I can not explain.....
Maybe the sender sending DUP ACK has a special semantic in TCPC?
Regards,
Luca.

 
On Wed, 2009-03-18 at 18:57 +0200, shiran guez wrote:
> the seq=1 and ACK=1 is a relative number not the real ACK or SEQ
> number, if you use tcpdump then add the -S flag to get the real you
> can see it also in your capture it is mentioning that it is a relative
> number only.
>
> On Wed, Mar 18, 2009 at 6:46 PM, Bit Gossip <bit.gossip@chello.nl>
> wrote:
> This is a nasty one....
> It is an excerpt from an ftp session from 100.100.183.204 to
> 100.100.171.254 where 254 is downloading a big file from 204.
> 204 sends chunks of data and 254 acks them.
> All the acknowledgments from 254 have seq=1 because they dont
> contains
> data, and 204 apparently acknowledges them by setting ACK flag
> and ACK=1
> (=seq number) in its data packets. This is strange but still
> ok.
> Why then 204 (the data sender, not receiver) is sending
> duplicate ack
> for seq=1?
>
> Hope someone can help me.......
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> No. Time Source Destination
> Protocol
> Info
> 136 20.816004 100.100.183.204 100.100.171.254
> FTP-DATA FTP Data: 1448 bytes
>
> Frame 136 (1514 bytes on wire, 96 bytes captured)
> Arrival Time: Mar 18, 2009 12:14:22.083304000
> [Time delta from previous captured frame: 0.000004000
> seconds]
> [Time delta from previous displayed frame: 0.000004000
> seconds]
> [Time since reference or first frame: 20.816004000 seconds]
> Frame Number: 136
> Frame Length: 1514 bytes
> Capture Length: 96 bytes
> [Frame is marked: True]
> [Protocols in frame: eth:ip:tcp:ftp-data]
> [Coloring Rule Name: TCP]
> [Coloring Rule String: tcp]
> <...>
> Internet Protocol, Src: 100.100.183.204 (100.100.183.204),
> Dst:
> 100.100.171.254 (100.100.171.254)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x08 (DSCP 0x02: Unknown
> DSCP; ECN:
> 0x00)
> 0000 10.. = Differentiated Services Codepoint: Unknown
> (0x02)
> .... ..0. = ECN-Capable Transport (ECT): 0
> .... ...0 = ECN-CE: 0
> Total Length: 1500
> Identification: 0x16e0 (5856)
> Flags: 0x04 (Don't Fragment)
> 0... = Reserved bit: Not set
> .1.. = Don't fragment: Set
> ..0. = More fragments: Not set
> Fragment offset: 0
> Time to live: 64
> Protocol: TCP (0x06)
> Header checksum: 0x100c [correct]
> [Good: True]
> [Bad : False]
> Source: 100.100.183.204 (100.100.183.204)
> Destination: 100.100.171.254 (100.100.171.254)
> Transmission Control Protocol, Src Port: ftp-data (20), Dst
> Port: 62304
> (62304), Seq: 110049, Ack: 1, Len: 1448
> Source port: ftp-data (20)
> Destination port: 62304 (62304)
> Sequence number: 110049 (relative sequence number)
> [Next sequence number: 111497 (relative sequence
> number)]
> Acknowledgement number: 1 (relative ack number)
> Header length: 32 bytes
> Flags: 0x10 (ACK)
> 0... .... = Congestion Window Reduced (CWR): Not set
> .0.. .... = ECN-Echo: Not set
> ..0. .... = Urgent: Not set
> ...1 .... = Acknowledgment: Set
> .... 0... = Push: Not set
> .... .0.. = Reset: Not set
> .... ..0. = Syn: Not set
> .... ...0 = Fin: Not set
> Window size: 5840 (scaled)
> Checksum: 0x13f7 [unchecked, not all data available]
> [Good Checksum: False]
> [Bad Checksum: False]
> Options: (12 bytes)
> NOP
> NOP
> Timestamps: TSval 3203281847, TSecr 3574178296
> FTP Data
> FTP Data: .\325\020\326=#2j\021\000@~\005\000\000\000\000
> \000\366
> \375\356r\000\000\021\022\001\000\376D
>
> No. Time Source Destination
> Protocol
> Info
> 137 20.816357 100.100.171.254 100.100.183.204
> TCP
> 62304 > ftp-data [ACK] Seq=1 Ack=63713 Win=65160 Len=0
> TSV=3574178294
> TSER=3203281821
>
> Frame 137 (66 bytes on wire, 66 bytes captured)
> Arrival Time: Mar 18, 2009 12:14:22.083657000
> [Time delta from previous captured frame: 0.000353000
> seconds]
> [Time delta from previous displayed frame: 0.000353000
> seconds]
> [Time since reference or first frame: 20.816357000 seconds]
> Frame Number: 137
> Frame Length: 66 bytes
> Capture Length: 66 bytes
> [Frame is marked: True]
> [Protocols in frame: eth:ip:tcp]
> [Coloring Rule Name: TCP]
> [Coloring Rule String: tcp]
> Internet Protocol, Src: 100.100.171.254 (100.100.171.254),
> Dst:
> 100.100.183.204 (100.100.183.204)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x08 (DSCP 0x02: Unknown
> DSCP; ECN:
> 0x00)
> 0000 10.. = Differentiated Services Codepoint: Unknown
> (0x02)
> .... ..0. = ECN-Capable Transport (ECT): 0
> .... ...0 = ECN-CE: 0
> Total Length: 52
> Identification: 0x5a77 (23159)
> Flags: 0x04 (Don't Fragment)
> 0... = Reserved bit: Not set
> .1.. = Don't fragment: Set
> ..0. = More fragments: Not set
> Fragment offset: 0
> Time to live: 62
> Protocol: TCP (0x06)
> Header checksum: 0xd41c [correct]
> [Good: True]
> [Bad : False]
> Source: 100.100.171.254 (100.100.171.254)
> Destination: 100.100.183.204 (100.100.183.204)
> Transmission Control Protocol, Src Port: 62304 (62304), Dst
> Port:
> ftp-data (20), Seq: 1, Ack: 63713, Len: 0
> Source port: 62304 (62304)
> Destination port: ftp-data (20)
> Sequence number: 1 (relative sequence number)
> Acknowledgement number: 63713 (relative ack number)
> Header length: 32 bytes
> Flags: 0x10 (ACK)
> 0... .... = Congestion Window Reduced (CWR): Not set
> .0.. .... = ECN-Echo: Not set
> ..0. .... = Urgent: Not set
> ...1 .... = Acknowledgment: Set
> .... 0... = Push: Not set
> .... .0.. = Reset: Not set
> .... ..0. = Syn: Not set
> .... ...0 = Fin: Not set
> Window size: 65160 (scaled)
> Checksum: 0x1b67 [correct]
> [Good Checksum: True]
> [Bad Checksum: False]
> Options: (12 bytes)
> NOP
> NOP
> Timestamps: TSval 3574178294, TSecr 3203281821
>
> No. Time Source Destination
> Protocol
> Info
> 138 20.816365 100.100.183.204 100.100.171.254
> TCP
> [TCP Dup ACK 136#1] ftp-data > 62304 [ACK] Seq=111497 Ack=1
> Win=5840
> Len=0 TSV=3203281847 TSER=3574178296
>
> Frame 138 (66 bytes on wire, 66 bytes captured)
> Arrival Time: Mar 18, 2009 12:14:22.083665000
> [Time delta from previous captured frame: 0.000008000
> seconds]
> [Time delta from previous displayed frame: 0.000008000
> seconds]
> [Time since reference or first frame: 20.816365000 seconds]
> Frame Number: 138
> Frame Length: 66 bytes
> Capture Length: 66 bytes
> [Frame is marked: True]
> [Protocols in frame: eth:ip:tcp]
> [Coloring Rule Name: Bad TCP]
> [Coloring Rule String: tcp.analysis.flags]
> Internet Protocol, Src: 100.100.183.204 (100.100.183.204),
> Dst:
> 100.100.171.254 (100.100.171.254)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x08 (DSCP 0x02: Unknown
> DSCP; ECN:
> 0x00)
> 0000 10.. = Differentiated Services Codepoint: Unknown
> (0x02)
> .... ..0. = ECN-Capable Transport (ECT): 0
> .... ...0 = ECN-CE: 0
> Total Length: 52
> Identification: 0x16e2 (5858)
> Flags: 0x04 (Don't Fragment)
> 0... = Reserved bit: Not set
> .1.. = Don't fragment: Set
> ..0. = More fragments: Not set
> Fragment offset: 0
> Time to live: 64
> Protocol: TCP (0x06)
> Header checksum: 0x15b2 [correct]
> [Good: True]
> [Bad : False]
> Source: 100.100.183.204 (100.100.183.204)
> Destination: 100.100.171.254 (100.100.171.254)
> Transmission Control Protocol, Src Port: ftp-data (20), Dst
> Port: 62304
> (62304), Seq: 111497, Ack: 1, Len: 0
> Source port: ftp-data (20)
> Destination port: 62304 (62304)
> Sequence number: 111497 (relative sequence number)
> Acknowledgement number: 1 (relative ack number)
> Header length: 32 bytes
> Flags: 0x10 (ACK)
> 0... .... = Congestion Window Reduced (CWR): Not set
> .0.. .... = ECN-Echo: Not set
> ..0. .... = Urgent: Not set
> ...1 .... = Acknowledgment: Set
> .... 0... = Push: Not set
> .... .0.. = Reset: Not set
> .... ..0. = Syn: Not set
> .... ...0 = Fin: Not set
> Window size: 5840 (scaled)
> Checksum: 0xda32 [correct]
> [Good Checksum: True]
> [Bad Checksum: False]
> Options: (12 bytes)
> NOP
> NOP
> Timestamps: TSval 3203281847, TSecr 3574178296
> [SEQ/ACK analysis]
> [This is an ACK to the segment in frame: 137]
> [The RTT to ACK the segment was: 0.000008000 seconds]
> [TCP Analysis Flags]
> [This is a TCP duplicate ack]
> [Duplicate ACK #: 1]
> [Duplicate to the ACK in frame: 136]
>
> No. Time Source Destination
> Protocol
> Info
> 139 20.816483 100.100.171.254 100.100.183.204
> TCP
> 62304 > ftp-data [ACK] Seq=1 Ack=65161 Win=66608 Len=0
> TSV=3574178294
> TSER=3203281825
>
> Frame 139 (66 bytes on wire, 66 bytes captured)
> Arrival Time: Mar 18, 2009 12:14:22.083783000
> [Time delta from previous captured frame: 0.000118000
> seconds]
> [Time delta from previous displayed frame: 0.000118000
> seconds]
> [Time since reference or first frame: 20.816483000 seconds]
> Frame Number: 139
> Frame Length: 66 bytes
> Capture Length: 66 bytes
> [Frame is marked: True]
> [Protocols in frame: eth:ip:tcp]
> [Coloring Rule Name: TCP]
> [Coloring Rule String: tcp]
> Internet Protocol, Src: 100.100.171.254 (100.100.171.254),
> Dst:
> 100.100.183.204 (100.100.183.204)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x08 (DSCP 0x02: Unknown
> DSCP; ECN:
> 0x00)
> 0000 10.. = Differentiated Services Codepoint: Unknown
> (0x02)
> .... ..0. = ECN-Capable Transport (ECT): 0
> .... ...0 = ECN-CE: 0
> Total Length: 52
> Identification: 0x5a78 (23160)
> Flags: 0x04 (Don't Fragment)
> 0... = Reserved bit: Not set
> .1.. = Don't fragment: Set
> ..0. = More fragments: Not set
> Fragment offset: 0
> Time to live: 62
> Protocol: TCP (0x06)
> Header checksum: 0xd41b [correct]
> [Good: True]
> [Bad : False]
> Source: 100.100.171.254 (100.100.171.254)
> Destination: 100.100.183.204 (100.100.183.204)
> Transmission Control Protocol, Src Port: 62304 (62304), Dst
> Port:
> ftp-data (20), Seq: 1, Ack: 65161, Len: 0
> Source port: 62304 (62304)
> Destination port: ftp-data (20)
> Sequence number: 1 (relative sequence number)
> Acknowledgement number: 65161 (relative ack number)
> Header length: 32 bytes
> Flags: 0x10 (ACK)
> 0... .... = Congestion Window Reduced (CWR): Not set
> .0.. .... = ECN-Echo: Not set
> ..0. .... = Urgent: Not set
> ...1 .... = Acknowledgment: Set
> .... 0... = Push: Not set
> .... .0.. = Reset: Not set
> .... ..0. = Syn: Not set
> .... ...0 = Fin: Not set
> Window size: 66608 (scaled)
> Checksum: 0x12e7 [correct]
> [Good Checksum: True]
> [Bad Checksum: False]
> Options: (12 bytes)
> NOP
> NOP
> Timestamps: TSval 3574178294, TSecr 3203281825
>
> No. Time Source Destination
> Protocol
> Info
> 140 20.816490 100.100.183.204 100.100.171.254
> TCP
> [TCP Dup ACK 136#2] ftp-data > 62304 [ACK] Seq=111497 Ack=1
> Win=5840
> Len=0 TSV=3203281847 TSER=3574178296
>
> Frame 140 (66 bytes on wire, 66 bytes captured)
> Arrival Time: Mar 18, 2009 12:14:22.083790000
> [Time delta from previous captured frame: 0.000007000
> seconds]
> [Time delta from previous displayed frame: 0.000007000
> seconds]
> [Time since reference or first frame: 20.816490000 seconds]
> Frame Number: 140
> Frame Length: 66 bytes
> Capture Length: 66 bytes
> [Frame is marked: True]
> [Protocols in frame: eth:ip:tcp]
> [Coloring Rule Name: Bad TCP]
> [Coloring Rule String: tcp.analysis.flags]
> Internet Protocol, Src: 100.100.183.204 (100.100.183.204),
> Dst:
> 100.100.171.254 (100.100.171.254)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x08 (DSCP 0x02: Unknown
> DSCP; ECN:
> 0x00)
> 0000 10.. = Differentiated Services Codepoint: Unknown
> (0x02)
> .... ..0. = ECN-Capable Transport (ECT): 0
> .... ...0 = ECN-CE: 0
> Total Length: 52
> Identification: 0x16e4 (5860)
> Flags: 0x04 (Don't Fragment)
> 0... = Reserved bit: Not set
> .1.. = Don't fragment: Set
> ..0. = More fragments: Not set
> Fragment offset: 0
> Time to live: 64
> Protocol: TCP (0x06)
> Header checksum: 0x15b0 [correct]
> [Good: True]
> [Bad : False]
> Source: 100.100.183.204 (100.100.183.204)
> Destination: 100.100.171.254 (100.100.171.254)
> Transmission Control Protocol, Src Port: ftp-data (20), Dst
> Port: 62304
> (62304), Seq: 111497, Ack: 1, Len: 0
> Source port: ftp-data (20)
> Destination port: 62304 (62304)
> Sequence number: 111497 (relative sequence number)
> Acknowledgement number: 1 (relative ack number)
> Header length: 32 bytes
> Flags: 0x10 (ACK)
> 0... .... = Congestion Window Reduced (CWR): Not set
> .0.. .... = ECN-Echo: Not set
> ..0. .... = Urgent: Not set
> ...1 .... = Acknowledgment: Set
> .... 0... = Push: Not set
> .... .0.. = Reset: Not set
> .... ..0. = Syn: Not set
> .... ...0 = Fin: Not set
> Window size: 5840 (scaled)
> Checksum: 0xda32 [correct]
> [Good Checksum: True]
> [Bad Checksum: False]
> Options: (12 bytes)
> NOP
> NOP
> Timestamps: TSval 3203281847, TSecr 3574178296
> [SEQ/ACK analysis]
> [This is an ACK to the segment in frame: 139]
> [The RTT to ACK the segment was: 0.000007000 seconds]
> [TCP Analysis Flags]
> [This is a TCP duplicate ack]
> [Duplicate ACK #: 2]
> [Duplicate to the ACK in frame: 136]
> [ltosolini@nlws481253 SpeedTest]$
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
>
>
> --
> Shiran Guez
> MCSE CCNP NCE1 JNCIA-ER CCIE #20572
> http://cciep3.blogspot.com
> http://www.linkedin.com/in/cciep3

Blogs and organic groups at http://www.ccie.net

• Next message: Nadeem Ansari: "Re: Passed my Lab on Mar 17"
• Previous message: Ali El Moussaoui: "Re: BGP unequal load balancing"
• Maybe in reply to: Bit Gossip: "DUP ACK from the sender"
• Next in thread: shiran guez: "Re: DUP ACK from the sender"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:05 ART