![tcp retransmission wireshark tcp retransmission wireshark](https://i.stack.imgur.com/Fkbck.png)
There is NO warranty not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. License GPLv2+: GNU GPL version 2 or later This is free software see the source for copying conditions. Here and below I report data regarding port 9002 only: Wireshark_trace_with_erroneous_retransmissions.pcapng
TCP RETRANSMISSION WIRESHARK FULL
Here the full trace capture with the false positive retransmissions: The following lua dissector is just to make sense of the traffic on port 9000, 9001, 9002: Wireshark should realize that the connection has been RST'ed so his validation should start from the most recent succesfully syn syn/ack ack. What is the current bug behavior?Īll subsequent packets after the valid syn syn/ack ack are erroneously considered by wireshark as retransmissions What is the expected correct behavior? It all start when the other peer sends a SYN/ACK with a wrong "acknowledge number" during the three way tcp hadnshake. Unfortunately all subsequent packets in such tcp stream are erroneously considered by wireshark as retransmissions.
![tcp retransmission wireshark tcp retransmission wireshark](http://i.stack.imgur.com/N2FR8.png)
Sometime during initial TCP three way-handshake we receive a SYN/ACK with a wrong "acknowledge number".ĭue to that session is RST'ed and new SYN, SYN/ACK, ACK is then fully established.