I am trying to get some clarification on something I read here:
how to calculate packet loss from a binary TCPDUMP file
The first answer says that the sequence number will be the same from client to server and from server to client the ack would be the same and this would tell you which side is doing the retransmit. However, when I get output such as this:
10:58:15.317823 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040385, ack 56380, win 32768, length 117
10:58:15.317841 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040385:3040470, ack 56380, win 32768, length 85
10:58:15.550090 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
10:58:15.811131 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
10:58:16.133386 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
In this example, the first 2 lines have different sequence numbers and the same ack, but it's a packet from the client to the server, so which side is doing the retransmit here?
In the last 3 lines both the sequence numbers and the acks are the same, so how do you know which side is retransmitting the packet? Note that in this example 1.2.3.4 is the client and 5.6.7.8 is the server.
Best Answer
These are retransmits from the client to the server. Here's what's happening:
We know these are retransmits from the client because all the packets are from the client to the server. We know they are retransmits because the sequence number is the same, i.e. it's sending the same data over and over.
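The rule from the answer above, applied to the five lines in the question, as an added Python example that is not part of the original answer: a data segment is counted as a retransmit when the same sender has already sent every byte it carries. The function name, the regex and the "no new bytes" criterion are assumptions of this example; it does not handle sequence-number wraparound.

```python
import re

# Constructed sample: the five tcpdump lines quoted in the question.
SAMPLE = """\
10:58:15.317823 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040385, ack 56380, win 32768, length 117
10:58:15.317841 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040385:3040470, ack 56380, win 32768, length 85
10:58:15.550090 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
10:58:15.811131 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
10:58:16.133386 IP 1.2.3.4.50245 > 5.6.7.8.443: Flags [P.], seq 3040268:3040470, ack 56380, win 32768, length 202
"""

# Matches tcpdump's one-line TCP summary for segments that carry a seq range.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\], "
    r"seq (?P<start>\d+):(?P<end>\d+), ack (?P<ack>\d+),.* length (?P<len>\d+)"
)


def find_retransmits(text):
    """Return (timestamp, sender, start, end) for each data segment whose
    bytes were all sent earlier by the same sender in the same direction."""
    highest = {}  # (src, dst) -> highest end-of-segment sequence number seen
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["len"]) == 0:
            continue  # pure ACKs print no seq range and carry no data
        flow = (m["src"], m["dst"])  # direction matters: the sender is src
        start, end = int(m["start"]), int(m["end"])
        # Nothing beyond what this sender already sent: a retransmit.
        if flow in highest and end <= highest[flow]:
            hits.append((m["ts"], m["src"], start, end))
        highest[flow] = max(highest.get(flow, 0), end)
    return hits


if __name__ == "__main__":
    for ts, sender, start, end in find_retransmits(SAMPLE):
        print(f"{ts} retransmit by {sender}: seq {start}:{end}")
```

The first two lines are new data (117 and 85 bytes); the last three resend both ranges coalesced into one 202-byte segment, which is why their sequence range spans 3040268:3040470.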