Hi Machiko, it seems this Guide did not always evolve at the same pace than the implementation for this part. I confirm that in fact a Spurious Retrans cannot be SYN or FIN flagged as it is an ordinary data packet for which Wireshark has already seen an acknowledgement ( = that ACK was either lost, ignored by the its receiver, or received too late ). The whole interpretation is built on what's in the capture obviously, but also on what could be missing (from sequence or ack gaps), hence some difficulties maybe to document with only 2-3 conditions what triggers such packet marks.
regards E.A. Le lun. 6 nov. 2023 à 17:31, Machiko Ichihashi <ichihas...@toyo.co.jp> a écrit : > > To whom it may concern, > > > > My name is Machiko Ichihashi, and I work as an engineer in Japan. > > I use Wireshark for my work, and I want to express my gratitude for its > usefulness. > > > > I would like to ask for an explanation of the specifications described in > Wireshark User's Guide 4.3.0. > > TCP Spurious Retransmission > > https://www.wireshark.org/docs/wsug_html_chunked/ChAdvTCPAnalysis.html > > I would like to request a clarification regarding a specification mentioned > in the Wireshark User's Guide 4.3.0. > > > > In this section, the first condition states, > > "The SYN or FIN flag is set." > > Is this condition really necessary? > > It seems that these packets should be required to be data packets, so I don’t > think the SYN or FIN flags are necessary. > > > > Could you please confirm this? > > > > Regards, > > Machiko Ichihashi/TOYO Corporation > > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
