Wireshark mailing list archives

Re: TCP Previous segment lost, TCP dup ACK
From: Martin Visser <martinvisser99 () gmail com>
Date: Wed, 21 Apr 2010 15:01:50 +1000

Thomas,

The message "TCP Previous segment lost" refers to the fact that the SEQ in
packet 3381 has jumped ahead from the next SEQ expected from 192.176.3.132.
Wireshark can't show the missing packet, so shows it in the next
segment from that source. The receiver also has detected a segment went
missing, and wants it quickly and hence the triple-ACK.

Regards, Martin

MartinVisser99 () gmail com


On Wed, Apr 21, 2010 at 12:47 AM, Thomas Ellingsén <
Thomas.Ellingsen () crosskey se> wrote:

 Hi Martin,



Ok, I agree. But the thing that confuses me is the dup ACK that is
"requesting" the fast retransmission is coming from 10.32.22.90 and the dup
acks are always post a "TCP Previous segment lost" originated from
192.176.3.132 which in my mind indicates that 192.176.3.132 is missing a
packet sent from 10.32.22.90.



Someone please enlighten a lost "networker"!



Regards,

Thomas



*From:* Martin Visser [mailto:martinvisser99 () gmail com]
*Sent:* den 19 april 2010 15:27
*To:* Community support list for Wireshark
*Subject:* Re: [Wireshark-users] TCP Previous segment lost, TCP dup ACK



I'm pretty certain that this is 10.33.22.90 hoping to invoke Fast Retransmit
- http://en.wikipedia.org/wiki/Fast_retransmit


Regards, Martin

MartinVisser99 () gmail com

 On Mon, Apr 19, 2010 at 11:10 PM, Thomas Ellingsén <
Thomas.Ellingsen () crosskey se> wrote:

Hi,


I get TCP Previous segment lost followed by 2-10 TCP Dup ACK

3381    2010-04-19 12:33:55.284770      192.176.3.132   10.32.22.90     TCP     [TCP Previous segment lost] [TCP segment of a reassembled PDU]

3382    2010-04-19 12:33:55.286392      10.32.22.90     192.176.3.132   TCP     [TCP Dup ACK 3379#1] 56791 > 29900 [ACK] Seq=1 Ack=269280 Win=254 Len=0 SLE=270296 SRE=270660

3384    2010-04-19 12:33:55.333856      10.32.22.90     192.176.3.132   TCP     [TCP Dup ACK 3379#2] 56791 > 29900 [ACK] Seq=1 Ack=269280 Win=254 Len=0 SLE=270296 SRE=270723

3387    2010-04-19 12:33:55.478371      10.32.22.90     192.176.3.132   TCP     [TCP Dup ACK 3379#3] 56791 > 29900 [ACK] Seq=1 Ack=269280 Win=254 Len=0 SLE=270296 SRE=270791

...

From what I understand there are lost packets. Is there any way to see in
what direction the packets are getting dropped/lost?

Why is 10.32.22.90 sending the same ACK multiple times? Is "he" waiting for
a response on the ACK?? It does not make sense to me.

Regards,
Thomas

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
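
The reasoning in the reply at the top of this thread, applied to the quoted frames, as an added example that is not part of the original messages: a sequence jump marks the sender whose data is missing, and the repeated ACK number plus the SACK left edge (SLE) bound the hole. The Ack, SLE and SRE values come from the thread; frame 3378, the unlisted data frames, and all data-segment sequence numbers and lengths are assumptions constructed to be consistent with them.

```python
from collections import namedtuple

Seg = namedtuple("Seg", "frame src dst seq length ack sack")

# Constructed capture modelled on the frames quoted in the thread. Ack, SLE and SRE
# values are from the thread; data-segment sequence numbers and lengths are assumed.
A, B = "192.176.3.132", "10.32.22.90"
CAPTURE = [
    Seg(3378, A, B, 268264, 1016, 1, None),
    Seg(3379, B, A, 1, 0, 269280, None),
    Seg(3381, A, B, 270296, 364, 1, None),
    Seg(3382, B, A, 1, 0, 269280, (270296, 270660)),
    Seg(3383, A, B, 270660, 63, 1, None),
    Seg(3384, B, A, 1, 0, 269280, (270296, 270723)),
    Seg(3386, A, B, 270723, 68, 1, None),
    Seg(3387, B, A, 1, 0, 269280, (270296, 270791)),
]

def analyse(capture):
    """Return (gaps, dup_acks): sequence jumps per sender, repeated ACKs per receiver."""
    next_seq, last_ack, gaps, dup_acks = {}, {}, [], []
    for s in capture:
        flow = (s.src, s.dst)
        if s.length > 0:
            expected = next_seq.get(flow)
            if expected is not None and s.seq > expected:
                # Sender jumped ahead: bytes [expected, s.seq) were not seen in the capture.
                gaps.append((s.frame, s.src, expected, s.seq))
            next_seq[flow] = max(next_seq.get(flow, 0), s.seq + s.length)
        else:
            prev_ack, count = last_ack.get(flow, (None, 0))
            if s.ack == prev_ack:
                count += 1
                # The repeated ACK number is the first missing byte; the SACK left
                # edge is where the receiver's buffered data starts again.
                hole = (s.ack, s.sack[0]) if s.sack else None
                dup_acks.append((s.frame, s.src, count, hole))
            else:
                count = 0
            last_ack[flow] = (s.ack, count)
    return gaps, dup_acks

def fast_retransmit_requested(dup_acks, threshold=3):
    """Frames at which a receiver has sent `threshold` duplicate ACKs."""
    return [frame for frame, _, count, _ in dup_acks if count == threshold]
```

The gap is attributed to the sender of the jumped segment, and the duplicate ACKs from the other host name the same byte range, so both observations point at data lost in the same direction.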