Duplicate Packet or TCP retransimission?

最新推荐文章于 2024-09-26 00:03:16 发布

转载最新推荐文章于 2024-09-26 00:03:16 发布 · 427 阅读

0 ·

CC 4.0 BY-SA版权

原文链接：http://blog.51cto.com/longbow/1422388

文章标签：

#网络

本文探讨了在网络流量分析中使用Wireshark时遇到的重复数据包问题，详细解释了TCP重传与重复包的区别，并通过IPID来识别这两种情况。对于TCP重传的数据包需要特别关注，因为它们可能揭示网络拥塞或丢包等问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

When you analyse the packet capture in wireshark, you sometimes see the similar/nearly same packets more than 1 time. It is maybe due to duplicate packet or TCP retransimission. If it is TCP retransmission, you have to pay more attention on it

The difference between duplicate packet and TCP restransmission is IP ID. For duplicate packets, IP ID of two packets is same besides the TCP sequence number is same. (Why you can see the duplicate packets in the capture is not in the scope of this discussion. If you have interested, please google it. :)

Duplicate Packet example (same IP ID and same TCP sequence number)

TCP Original packet

TCP retransmission packet

Same TCP sequence number (2171548184）but different IP ID （frame 553 ID is 48058 and frame 578 ID is 48083) for orgianl packet and retransmission packet.

转载于:https://blog.51cto.com/longbow/1422388