
TCP Duplicate ACK

Anuar Shahrin
Level 1

Hi All,

I'm having an issue here where I need some different opinions regarding TCP Duplicate ACKs in the stream.

We did a packet capture on the Cisco IPS 4510, which is installed in in-line mode between the Internet router and the firewall.

When we did a packet capture on the IPS, we could see hundreds of TCP Dup ACK packets coming in and going out of the network.

I'm wondering what may be causing this type of stream in such large numbers and so consistently.

The bandwidth subscribed from the ISP is only 30Mbps. We are running Cisco 3900 series router for the internet connection.

Attached is the packet capture, and you can see the number of Duplicate ACKs is quite high.


Nagendra Kumar Nainar
Cisco Employee

Hi Anuar,

A Dup-ACK means the segment with the SEQ# mentioned in the Dup-ACK has not been received by the receiver. A dropped packet or out-of-order packet may result in the receiver sending such Dup-ACKs until it receives the segment from the sender.

-Nagendra

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As Nagendra already noted, dup ACKs are caused by a "missing" packet when subsequent packets are received. The question is, is the missing packet really lost or just delivered out of sequence?

With a detailed packet trace capture, you can tell which. If there's an ACK for a higher sequence number before the missing packet is retransmitted, the original packet arrived out of sequence.

I've worked with TAC regarding the issue. Seems like there is a packet drop somewhere in the network. We are still investigating whether the drop happens internally or from the ISP.
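
The check described in the second reply (an ACK for a higher sequence number arriving before the missing segment is retransmitted means reordering, not loss), as an added example that is not part of the original thread. The `Seg` record, `classify_dup_acks` and the sample capture are constructed for illustration; the code assumes a single flow, pure ACKs, no sequence wraparound, and a capture point that saw the original transmission.

```python
from collections import namedtuple

# Constructed record: one TCP segment of a single flow as seen at the capture point.
# kind "data" = sender -> receiver (seq, length); kind "ack" = receiver -> sender (ack).
Seg = namedtuple("Seg", "kind seq length ack", defaults=(0, 0, 0))

def classify_dup_acks(segments):
    """Return [(hole_seq, dup_ack_count, verdict)] for each duplicate-ACK episode."""
    seen = set()           # seq numbers of data segments already observed
    retransmitted = set()  # seq numbers observed more than once
    last_ack, dups = None, 0
    episodes = []
    for s in segments:
        if s.kind == "data":
            if s.seq in seen:
                retransmitted.add(s.seq)
            seen.add(s.seq)
            continue
        if last_ack is not None and s.ack < last_ack:
            continue       # stale ACK that was itself delayed; ignore it
        if s.ack == last_ack:
            dups += 1      # same ACK number again: receiver is still missing last_ack
            continue
        # ACK number advanced, so the hole was filled: decide how.
        if dups:
            verdict = "lost" if last_ack in retransmitted else "reordered"
            episodes.append((last_ack, dups, verdict))
        last_ack, dups = s.ack, 0
    if dups:               # capture ended while the hole was still open
        episodes.append((last_ack, dups, "unresolved"))
    return episodes

# Constructed sample capture, 1000-byte segments.
CAPTURE = [
    Seg("data", seq=1000, length=1000), Seg("ack", ack=2000),
    Seg("data", seq=2000, length=1000),             # dropped after the capture point
    Seg("data", seq=3000, length=1000), Seg("ack", ack=2000),
    Seg("data", seq=4000, length=1000), Seg("ack", ack=2000),
    Seg("data", seq=5000, length=1000), Seg("ack", ack=2000),
    Seg("data", seq=2000, length=1000),             # retransmission of the hole
    Seg("ack", ack=6000),
    Seg("data", seq=6000, length=1000),             # delivered late, never resent
    Seg("data", seq=7000, length=1000), Seg("ack", ack=6000),
    Seg("ack", ack=8000),                           # ACK jumps with no retransmission
]

if __name__ == "__main__":
    for hole, count, verdict in classify_dup_acks(CAPTURE):
        print(f"hole at seq {hole}: {count} dup ACK(s), {verdict}")
```
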