Wireshark mailing list archives

Re: SACK_PERM=1

From: Sake Blok <sake () euronet nl>
Date: Tue, 17 Jul 2012 00:20:53 +0200

On 16 jul 2012, at 22:30, Derrenbacker, L. Jonathan wrote:

I’m doing a packet capture of a web app not authenticating correctly and I see some TCP packets with the 
“SACK_PERM=1” option set.
Can anyone explain what that option does.


See: http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Selective_acknowledgments

There are some problems with SACK on certain devices. One example is a Cisco ASA with Initial Sequence Numbering 
enabled. It does not translate the sequence numbers in the SACK TCP option (at least with some version of the ASA SW, 
maybe with recent versions it does work). What you would see in that case is an endless loop of retransmissions of the 
wrong segment(s).

In itself the SACK_PERM=1 should not be related to your authentication problems.

Cheers,
Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

SACK_PERM=1 Derrenbacker, L. Jonathan (Jul 16)
- Re: SACK_PERM=1 Sake Blok (Jul 16)
- Re: SACK_PERM=1 Forthofer Russ (Jul 17)