is the disconnection caused by too many TCP Dup Ack?

Asked Nov 06 '15 at 10:00

Active Nov 06 '15 at 10:00

Viewed 507 times

I am investigating a service disconnection issue and I am a bit confused by some of the Wireshark logs. Need some help to find out how the disconnection was caused.

Ideally when A sends an ACK to B for sq number 123, B sends packet with sq number 123 and A receive it. If A doesn't receive it, it sends another ACK to B. So in Wireshark, it should be marked as TCP Dup ACK.

For my cases, A sent first ACK to B, later A sent 2 TCP Dup Ack to B then B sent the requested packets, with TCP Retransmission label.

But when disconnection happens, A sent ACK to B, then A sent 1 TCP Dup Ack to B. Then B sent an RST ACK packet WITHOUT TCP Retransmission label.

I want to know if B sent RST due to B didn't receive any ACK packet from A? If yes, A was supposed to send TCP Dup Ack but why A didn't?

I attached logs, the disconnection happened at GMT 20151105 08:22:54. From 08:22:20 till 08:22:54 there are many retransmission, which forms some pattern.

asked Nov 06 '15 at 10:00

Neo Wang

I want to include the logs but seems no where to upload them. If needed, please provide email so that I could send the logs over. Thanks a lot – Neo Wang Nov 06 '15 at 10:01
upload the logs to a cloud service (Onedrive, dropox, google drive) and add a link in your question – magicandre1981 Nov 06 '15 at 18:20
https://drive.google.com/file/d/0BweeAkYSuXIwX2FEQ0UtTnNkYVk/view?usp=sharing – Neo Wang Nov 09 '15 at 05:18
Logs are uploaded here. – Neo Wang Nov 09 '15 at 05:19

is the disconnection caused by too many TCP Dup Ack?

0 Answers0