THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 3
grahamb's avatar
23.8k
grahamb
updated 2022-10-27 09:53:05 +0000

v4.0.0 TCP ACKed unseen segment

Hi experts,

For the TCP Analysis , Version 4.0.0 vs 3.6.8 , why is there such a difference?

4.0.0 : [TCP ACKed unseen segment]  count 7

3.6.8 :[TCP ACKed unseen segment]  count 3

Version 4.0.0 (v4.0.0-0-g0cbe09cd796b)

No. Time    Source  Destination Protocol    Stream  Seq NextSeq Ack Length  Info
1   19:59:17.739060000  10.0.0.1    172.16.0.1  TCP 0   0   1   0   66  50000 → 445 [SYN] Seq=0 Win=8192 Len=0 MSS=1418 WS=256 SACK_PERM
2   19:59:17.744753000  172.16.0.1  10.0.0.1    TCP 0   0   1   1   66  445 → 50000 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM
3   19:59:17.744869000  10.0.0.1    172.16.0.1  TCP 0   1   1   1   60  50000 → 445 [ACK] Seq=1 Ack=1 Win=66560 Len=0
4   20:00:14.600295000  10.0.0.1    172.16.0.1  TCP 0   20037   20289   23628   306 [   ] [TCP Previous segment not captured] 50000 → 445 [PSH, ACK] Seq=20037 Ack=23628 Win=66048 Len=252
5   20:00:14.606207000  172.16.0.1  10.0.0.1    TCP 0   23628   23816   20289   242 [TCP ACKed unseen segment] [TCP Previous segment not captured] 445 → 50000 [PSH, ACK] Seq=23628 Ack=20289 Win=131840 Len=188
6   20:00:14.606690000  10.0.0.1    172.16.0.1  TCP 0   20289   20510   23816   275 [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20289 Ack=23816 Win=65792 Len=221
7   20:00:14.612473000  172.16.0.1  10.0.0.1    TCP 0   23816   24020   20510   258 [TCP ACKed unseen segment] 445 → 50000 [PSH, ACK] Seq=23816 Ack=20510 Win=131584 Len=204
8   20:00:14.612488000  10.0.0.1    172.16.0.1  TCP 0   20510   20618   24020   162 [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20510 Ack=24020 Win=65536 Len=108
9   20:00:14.618430000  172.16.0.1  10.0.0.1    TCP 0   24020   24128   20618   162 [TCP ACKed unseen segment] 445 → 50000 [PSH, ACK] Seq=24020 Ack=20618 Win=131328 Len=108
10  20:00:14.618733000  10.0.0.1    172.16.0.1  TCP 0   20618   20710   24128   146 [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20618 Ack=24128 Win=65536 Len=92

Version 3.6.8 (v3.6.8-0-gd25900c51508)

No. Time    Source  Destination Protocol    Stream  Seq NextSeq Ack Length  Info
1   19:59:17.739060 10.0.0.1    172.16.0.1  TCP 0   0   1   0   66  50000 → 445 [SYN] Seq=0 Win=8192 Len=0 MSS=1418 WS=256 SACK_PERM=1
2   19:59:17.744753 172.16.0.1  10.0.0.1    TCP 0   0   1   1   66  445 → 50000 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
3   19:59:17.744869 10.0.0.1    172.16.0.1  TCP 0   1   1   1   60  50000 → 445 [ACK] Seq=1 Ack=1 Win=66560 Len=0
4   20:00:14.600295 10.0.0.1    172.16.0.1  TCP 0   20037   20289   23628   306 [TCP ACKed unseen segment] [TCP Previous segment not captured] 50000 → 445 [PSH, ACK] Seq=20037 Ack=23628 Win=66048 Len=252
5   20:00:14.606207 172.16.0.1  10.0.0.1    TCP 0   23628   23816   20289   242 [TCP ACKed unseen segment] [TCP Previous segment not captured] 445 → 50000 [PSH, ACK] Seq=23628 Ack=20289 Win=131840 Len=188
6   20:00:14.606690 10.0.0.1    172.16.0.1  TCP 0   20289   20510   23816   275 [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20289 Ack=23816 Win=65792 Len=221
7   20:00:14.612473 172.16.0.1  10.0.0.1    TCP 0   23816   24020   20510   258 445 → 50000 [PSH, ACK] Seq=23816 Ack=20510 Win=131584 Len=204
8   20:00:14.612488 10.0.0.1    172.16.0.1  TCP 0   20510   20618   24020   162 50000 → 445 [PSH, ACK] Seq=20510 Ack=24020 Win=65536 Len=108
9   20:00:14.618430 172.16.0.1  10.0.0.1    TCP 0   24020   24128   20618   162 445 → 50000 [PSH, ACK] Seq=24020 Ack=20618 Win=131328 Len=108
10  20:00:14.618733 10.0.0.1    172.16.0.1  TCP 0   20618   20710   24128   146 50000 → 445 [PSH, ACK] Seq=20618 Ack=24128 Win=65536 Len=92

Regards, 7ACE

Revision 2
7ACE's avatar
40
7ACE
updated 2022-10-19 06:14:56 +0000

v4.0.0 TCP ACKed unseen segment

Hi experts,

For the TCP Analysis , Version 4.0.0 vs 3.6.8 , why is there such a difference?

4.0.0 : [TCP ACKed unseen segment]  count 7

7
 
3.6.8 :[TCP ACKed unseen segment]  count 3

3

Version 4.0.0 (v4.0.0-0-g0cbe09cd796b)

 
No. Time    Source  Destination Protocol    Stream  Seq NextSeq Ack Length  Info
Info
 
1   19:59:17.739060000  10.0.0.1    172.16.0.1  TCP 0   0   1   0   66  50000 → 445 [SYN] Seq=0 Win=8192 Len=0 MSS=1418 WS=256 SACK_PERM
SACK_PERM
 
2   19:59:17.744753000  172.16.0.1  10.0.0.1    TCP 0   0   1   1   66  445 → 50000 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM
SACK_PERM
 
3   19:59:17.744869000  10.0.0.1    172.16.0.1  TCP 0   1   1   1   60  50000 → 445 [ACK] Seq=1 Ack=1 Win=66560 Len=0
Len=0
 
4   20:00:14.600295000  10.0.0.1    172.16.0.1  TCP 0   20037   20289   23628   306 [   ] [TCP Previous segment not captured] 50000 → 445 [PSH, ACK] Seq=20037 Ack=23628 Win=66048 Len=252
 
5   20:00:14.606207000  172.16.0.1  10.0.0.1    TCP 0   23628   23816   20289   242 [TCP ACKed unseen segment] [TCP Previous segment not captured] 50000 → 445 [PSH, ACK] Seq=20037 Ack=23628 Win=66048 Len=252
5   20:00:14.606207000  172.16.0.1  10.0.0.1    TCP 0   23628   23816   20289   242 [TCP ACKed unseen segment] [TCP Previous segment not captured] 445 → 50000 [PSH, ACK] Seq=23628 Ack=20289 Win=131840 Len=188
Len=188
 
6   20:00:14.606690000  10.0.0.1    172.16.0.1  TCP 0   20289   20510   23816   275 [TCP ACKed unseen segment] [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20289 Ack=23816 Win=65792 Len=221
Len=221
 
7   20:00:14.612473000  172.16.0.1  10.0.0.1    TCP 0   23816   24020   20510   258 [TCP ACKed unseen segment] [TCP ACKed unseen segment] 445 → 50000 [PSH, ACK] Seq=23816 Ack=20510 Win=131584 Len=204
Len=204
 
8   20:00:14.612488000  10.0.0.1    172.16.0.1  TCP 0   20510   20618   24020   162 [TCP ACKed unseen segment] [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20510 Ack=24020 Win=65536 Len=108
Len=108
 
9   20:00:14.618430000  172.16.0.1  10.0.0.1    TCP 0   24020   24128   20618   162 [TCP ACKed unseen segment] [TCP ACKed unseen segment] 445 → 50000 [PSH, ACK] Seq=24020 Ack=20618 Win=131328 Len=108
Len=108
 
10  20:00:14.618733000  10.0.0.1    172.16.0.1  TCP 0   20618   20710   24128   146 [TCP ACKed unseen segment] [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20618 Ack=24128 Win=65536 Len=92

Len=92

Version 3.6.8 (v3.6.8-0-gd25900c51508)

 
No. Time    Source  Destination Protocol    Stream  Seq NextSeq Ack Length  Info
Info
 
1   19:59:17.739060 10.0.0.1    172.16.0.1  TCP 0   0   1   0   66  50000 → 445 [SYN] Seq=0 Win=8192 Len=0 MSS=1418 WS=256 SACK_PERM=1
SACK_PERM=1
 
2   19:59:17.744753 172.16.0.1  10.0.0.1    TCP 0   0   1   1   66  445 → 50000 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
SACK_PERM=1
 
3   19:59:17.744869 10.0.0.1    172.16.0.1  TCP 0   1   1   1   60  50000 → 445 [ACK] Seq=1 Ack=1 Win=66560 Len=0
Len=0
 
4   20:00:14.600295 10.0.0.1    172.16.0.1  TCP 0   20037   20289   23628   306 [TCP ACKed unseen segment] [TCP ACKed unseen segment] [TCP Previous segment not captured] 50000 → 445 [PSH, ACK] Seq=20037 Ack=23628 Win=66048 Len=252
Len=252
 
5   20:00:14.606207 172.16.0.1  10.0.0.1    TCP 0   23628   23816   20289   242 [TCP ACKed unseen segment] [TCP ACKed unseen segment] [TCP Previous segment not captured] 445 → 50000 [PSH, ACK] Seq=23628 Ack=20289 Win=131840 Len=188
Len=188
 
6   20:00:14.606690 10.0.0.1    172.16.0.1  TCP 0   20289   20510   23816   275 [TCP ACKed unseen segment] [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20289 Ack=23816 Win=65792 Len=221
Len=221
 
7   20:00:14.612473 172.16.0.1  10.0.0.1    TCP 0   23816   24020   20510   258 445 → 50000 [PSH, ACK] Seq=23816 Ack=20510 Win=131584 Len=204
Len=204
 
8   20:00:14.612488 10.0.0.1    172.16.0.1  TCP 0   20510   20618   24020   162 50000 → 445 [PSH, ACK] Seq=20510 Ack=24020 Win=65536 Len=108
Len=108
 
9   20:00:14.618430 172.16.0.1  10.0.0.1    TCP 0   24020   24128   20618   162 445 → 50000 [PSH, ACK] Seq=24020 Ack=20618 Win=131328 Len=108
Len=108
 
10  20:00:14.618733 10.0.0.1    172.16.0.1  TCP 0   20618   20710   24128   146 50000 → 445 [PSH, ACK] Seq=20618 Ack=24128 Win=65536 Len=92
Len=92

Regards, 7ACE

Revision 1
7ACE's avatar
40
7ACE
asked 2022-10-18 02:41:49 +0000

v4.0.0 TCP ACKed unseen segment

Hi experts,

For the TCP Analysis , Version 4.0.0 vs 3.6.8 , why is there such a difference?

4.0.0 : [TCP ACKed unseen segment] count 7

3.6.8 :[TCP ACKed unseen segment] count 3

Version 4.0.0 (v4.0.0-0-g0cbe09cd796b)

No. Time Source Destination Protocol Stream Seq NextSeq Ack Length Info

1 19:59:17.739060000 10.0.0.1 172.16.0.1 TCP 0 0 1 0 66 50000 → 445 [SYN] Seq=0 Win=8192 Len=0 MSS=1418 WS=256 SACK_PERM

2 19:59:17.744753000 172.16.0.1 10.0.0.1 TCP 0 0 1 1 66 445 → 50000 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM

3 19:59:17.744869000 10.0.0.1 172.16.0.1 TCP 0 1 1 1 60 50000 → 445 [ACK] Seq=1 Ack=1 Win=66560 Len=0

4 20:00:14.600295000 10.0.0.1 172.16.0.1 TCP 0 20037 20289 23628 306 [ ] [TCP Previous segment not captured] 50000 → 445 [PSH, ACK] Seq=20037 Ack=23628 Win=66048 Len=252

5 20:00:14.606207000 172.16.0.1 10.0.0.1 TCP 0 23628 23816 20289 242 [TCP ACKed unseen segment] [TCP Previous segment not captured] 445 → 50000 [PSH, ACK] Seq=23628 Ack=20289 Win=131840 Len=188

6 20:00:14.606690000 10.0.0.1 172.16.0.1 TCP 0 20289 20510 23816 275 [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20289 Ack=23816 Win=65792 Len=221

7 20:00:14.612473000 172.16.0.1 10.0.0.1 TCP 0 23816 24020 20510 258 [TCP ACKed unseen segment] 445 → 50000 [PSH, ACK] Seq=23816 Ack=20510 Win=131584 Len=204

8 20:00:14.612488000 10.0.0.1 172.16.0.1 TCP 0 20510 20618 24020 162 [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20510 Ack=24020 Win=65536 Len=108

9 20:00:14.618430000 172.16.0.1 10.0.0.1 TCP 0 24020 24128 20618 162 [TCP ACKed unseen segment] 445 → 50000 [PSH, ACK] Seq=24020 Ack=20618 Win=131328 Len=108

10 20:00:14.618733000 10.0.0.1 172.16.0.1 TCP 0 20618 20710 24128 146 [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20618 Ack=24128 Win=65536 Len=92

Version 3.6.8 (v3.6.8-0-gd25900c51508)

No. Time Source Destination Protocol Stream Seq NextSeq Ack Length Info

1 19:59:17.739060 10.0.0.1 172.16.0.1 TCP 0 0 1 0 66 50000 → 445 [SYN] Seq=0 Win=8192 Len=0 MSS=1418 WS=256 SACK_PERM=1

2 19:59:17.744753 172.16.0.1 10.0.0.1 TCP 0 0 1 1 66 445 → 50000 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

3 19:59:17.744869 10.0.0.1 172.16.0.1 TCP 0 1 1 1 60 50000 → 445 [ACK] Seq=1 Ack=1 Win=66560 Len=0

4 20:00:14.600295 10.0.0.1 172.16.0.1 TCP 0 20037 20289 23628 306 [TCP ACKed unseen segment] [TCP Previous segment not captured] 50000 → 445 [PSH, ACK] Seq=20037 Ack=23628 Win=66048 Len=252

5 20:00:14.606207 172.16.0.1 10.0.0.1 TCP 0 23628 23816 20289 242 [TCP ACKed unseen segment] [TCP Previous segment not captured] 445 → 50000 [PSH, ACK] Seq=23628 Ack=20289 Win=131840 Len=188

6 20:00:14.606690 10.0.0.1 172.16.0.1 TCP 0 20289 20510 23816 275 [TCP ACKed unseen segment] 50000 → 445 [PSH, ACK] Seq=20289 Ack=23816 Win=65792 Len=221

7 20:00:14.612473 172.16.0.1 10.0.0.1 TCP 0 23816 24020 20510 258 445 → 50000 [PSH, ACK] Seq=23816 Ack=20510 Win=131584 Len=204

8 20:00:14.612488 10.0.0.1 172.16.0.1 TCP 0 20510 20618 24020 162 50000 → 445 [PSH, ACK] Seq=20510 Ack=24020 Win=65536 Len=108

9 20:00:14.618430 172.16.0.1 10.0.0.1 TCP 0 24020 24128 20618 162 445 → 50000 [PSH, ACK] Seq=24020 Ack=20618 Win=131328 Len=108

10 20:00:14.618733 10.0.0.1 172.16.0.1 TCP 0 20618 20710 24128 146 50000 → 445 [PSH, ACK] Seq=20618 Ack=24128 Win=65536 Len=92

Regards, 7ACE