09-17-2015 07:23 PM - edited 03-05-2019 02:20 AM
Hi All,
I'm having an issue here where i need some different opinion regarding TCP Duplicate ACK in the stream.
We did a packet capture in the Cisco IPS 4510 where it is installed in-line mode in between the Internet router and firewall.
When we did a packet capture in the IPS, we can see hundreds of TCP Dup ACK packet coming in and going out of the network.
I'm wondering what may have causing this type of stream in large number and quite consistent.
The bandwidth subscribed from the ISP is only 30Mbps. We are running Cisco 3900 series router for the internet connection.
Attach is the packet capture and you can see the number of Duplicate ACK is quite high.

 
					
				
		
09-17-2015 08:08 PM
Hi Anur,
Dup-ACK means the segment with SEQ# mentioned in Dup-Ack is not received by receiver. A dropped packet or out-of-order packet may result in receiver sending such Dup-ACK till it receive the segment from sender.
-Nagendra
09-18-2015 05:21 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
As Nagendra already noted, dup ACKs are caused by "missing" packet when subsequent packets are received. The question is, is the missing packet really lost or just delivered out of sequenced?
With a detail packet trace capture, you can tell which. If there's an ACL for a higher sequence number, before the missing packet is retransmitted, the original packet arrived out of sequence.
09-28-2015 08:50 PM
I've work with TAC regarding the issue. seems like there is packet drop somewhere in the network. We still investigating is the drop happen internally or from the ISP.
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide