mass "tcp dup ack" in wireshark capture

Unanswered Question
Sep 11th, 2009

Hi,

the users experience significant slow Citrix performance. Citrix server's ip is 192.168.1.4. I setup span on switch, and captured packets via Wireshark. in the packets, I notice some tcp duplicate ack, e.g. since #428. Could this indicate something? by the way, 192.168.1.3 is a file server.

thanks,

Jon

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Fri, 09/11/2009 - 11:46

Hello Jonathan,

this can come from the way you have configured the monitor session:

if the source is a vlan and you receive both tx and rx each packet is seen twice on the sniffer one for the port that receives it one for the port that sends out it.

This shouldn't be a sign of a real problem.

I've examined some packet captures few days ago and they showed the same massive tcp dupl. but this was not real in my case.

Hope to help

Giuseppe

xiaoliangyue Fri, 09/11/2009 - 11:55

the source is Citrix server interface only, both tx & rx.

thanks, Giuseppe!

Actions

This Discussion