[Winpcap-users] TCP Retransmission
Bryan Kadzban
bryan at kadzban.is-a-geek.net
Thu Oct 25 01:27:02 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
ceo wrote:
> 1. How does the sniffer software know that its a retransmission?
By looking at the TCP sequence number. See RFC 793, section 1.5, under
the "reliability" subsection. I don't think that text is actually part
of the strict requirements in the RFC, but it's a good overview.
> 2. The retransmitted packet is sent before the receiver acked the
> previous packet or reacted to it whatsoever, so why did the sender
> retransmitted it at all?
Because the sender thought the receiver didn't get it (because the
sender never got an ACK for those bytes). See the above-mentioned RFC
subsection: "If the ACK is not received within a timeout interval, the
data is retransmitted."
(IP is not reliable: it does not guarantee that any particular datagram
(in this case, the first packet) gets received by the machine at the
destination IP address. It also does not guarantee that datagrams are
received in any particular order, BTW.)
> 3. How does the receiver treats the 2 packets, does he neglect any of
> them?
Duplicate datagrams are ignored by the target stack, yes. Again, it's
in the RFC, in section 1.5, under "reliability":
> At the receiver, the sequence numbers are used to correctly order
> segments that may be received out of order and to eliminate
> duplicates.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHH/DkS5vET1Wea5wRA+9kAJ0fzkdZvse+V+PXG5+oPhnD2n884gCfTtZe
cwGZ76j/S0HYoIHjj/WFxfE=
=ehoK
-----END PGP SIGNATURE-----
More information about the Winpcap-users
mailing list