Wireshark mailing list archives

Re: non-piggy-backed ACK with total IP length = 52


From: Guy Harris <guy () alum mit edu>
Date: Sat, 26 Feb 2011 21:46:41 -0800


On Feb 26, 2011, at 8:46 PM, Andrej van der Zee wrote:

> I am looking at an ACK-packet with total IP length of 52. Normally I
> find non-piggy-backed ACKs only 40 bytes. In this case the ACK comes
> after a retransmission. The extra 12 bytes are contained in the TCP
> options. In Wireshark, it says:
>
> Options (12 bytes)
>   NOP
>   NOP
>   SACK: 553-1130
>      left edge: 533 (relative)
>      right edge: 1130 (relative)
>
> It seems like it tries to indicate which of the duplicate packet it
> actually acknowledges by explicitly stating the byte range, in case
> the retransmitted packet is longer than the original packet because
> more send-data became available before the retransmission. Is my
> understanding correct?
>
> What is actually contained in these extra 12 bytes?

        http://tools.ietf.org/html/rfc2018

It's saying "I saw the bytes with sequence numbers from 533 through 1129" (i.e., in the half-open interval [533, 1130)), presumably because there are some bytes with sequence numbers preceding 553 that it hasn't yet acknowledged because it hasn't seen them yet - it wants to have the other end re-transmit those bytes without having it also retransmit bytes 533-1129, which I suspect were the retransmitted bytes.

> What does NOP mean?

        http://tools.ietf.org/html/rfc793#section-3.1

says:

                ...

    Currently defined options include (kind indicated in octal):

      Kind     Length    Meaning
      ----     ------    -------
       0         -       End of option list.
       1         -       No-Operation.
       2         4       Maximum Segment Size.


    Specific Option Definitions

                ...

      No-Operation

        +--------+
        |00000001|
        +--------+
         Kind=1

        This option code may be used between options, for example, to
        align the beginning of a subsequent option on a word boundary.
        There is no guarantee that senders will use this option, so
        receivers must be prepared to process options even if they do
        not begin on a word boundary.


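The 12 option bytes discussed in this thread can be decoded by hand. The following is an added example, not part of the original messages and not Wireshark's code: a small TCP options walker applied to a constructed NOP, NOP, SACK field. The function names, the sample bytes and the initial sequence number (ISN) are assumptions made for illustration, and the length calculation assumes an IPv4 header without IP options.

```python
import struct

KIND_EOL, KIND_NOP, KIND_SACK = 0, 1, 5  # option kinds from RFC 793 and RFC 2018

def parse_tcp_options(raw, isn=0):
    """Walk a TCP options field; return a list of (name, value) tuples.

    SACK edges are returned relative to `isn` (the peer's initial sequence
    number), as Wireshark displays them. Raises ValueError on bad lengths.
    """
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == KIND_EOL:          # single byte, terminates the list
            out.append(("EOL", None))
            break
        if kind == KIND_NOP:          # single padding byte, no length octet
            out.append(("NOP", None))
            i += 1
            continue
        # Every other option is kind, length, data; length covers all three.
        if i + 1 >= len(raw):
            raise ValueError("option kind %d has no length octet" % kind)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        body = raw[i + 2:i + length]
        if kind == KIND_SACK:
            if len(body) == 0 or len(body) % 8:
                raise ValueError("SACK body must be a multiple of 8 bytes")
            blocks = []
            for off in range(0, len(body), 8):
                left, right = struct.unpack_from("!II", body, off)
                # modulo 2**32 because sequence numbers wrap
                blocks.append(((left - isn) % 2**32, (right - isn) % 2**32))
            out.append(("SACK", blocks))
        else:
            out.append(("kind-%d" % kind, body))
        i += length
    return out

# Constructed sample: NOP, NOP, SACK with one block; ISN is an assumed value.
ISN = 0x1000
SAMPLE = bytes([1, 1, 5, 10]) + struct.pack("!II", ISN + 533, ISN + 1130)

def total_ip_length(options):
    return 20 + 20 + len(options)   # IPv4 header + base TCP header + options

if __name__ == "__main__":
    print(parse_tcp_options(SAMPLE, ISN), total_ip_length(SAMPLE))
```

The two NOPs pad the 10-byte SACK option (kind, length, two 4-byte edges) to 12 bytes, which keeps the options field a multiple of 4 bytes and accounts for the difference between 40 and 52.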