Wireshark-dev: [Wireshark-dev] TCP: what is an out-of-order segment

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Fri, 27 Apr 2007 15:05:24 +0800

Hi list,

The other day I was looking at a TCP sequence that went like:

time:	sequence:
0	1-10
2	11-20
2.1	1-20

The last frame was a retransmission of the first frame but the TCP implementation in question (XP) decided to stick the data from the 2nd frame in there, too.

Wireshark called the 3rd frame an out of order packet which confused me a bit. The test for an out of order packet is the same as that for a retransmission plus an additional test to see if that frame arrived within 3ms of the highest sequence number (with a note that 3ms is arbitrary).

This seems an odd definition of "out of order" but I haven't really figured out how to define it. What makes the most sense to me so far is "if it looks like a retransmission but we've already seen an ack for it" though that doesn't seem quite right either (just because we saw the ack doesn't mean the intended recipient did).

Any ideas?

-J
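
The heuristic as the post describes it, run over the three frames above and over a delayed variant, to show that the same bytes are labelled differently purely by arrival time. This is an added sketch, not part of the original message and not Wireshark's own code; it assumes the time column is in milliseconds, follows one direction of the flow only, and `Segment` and `classify` are hypothetical names.

```python
from dataclasses import dataclass

OOO_WINDOW_MS = 3.0  # the threshold the post calls arbitrary


@dataclass
class Segment:
    time_ms: float  # assumption: the post's time column is in milliseconds
    first: int      # first sequence number carried (inclusive)
    last: int       # last sequence number carried (inclusive)


def classify(segments, window_ms=OOO_WINDOW_MS):
    """Label the segments of one direction of a flow (hypothetical helper)."""
    labels = []
    next_seq = None       # highest sequence number seen so far, plus one
    next_seq_time = None  # arrival time of the segment that reached it
    for seg in segments:
        if next_seq is not None and seg.first < next_seq:
            # Starts below data already seen: the retransmission test passes.
            # The only extra test is how soon it followed the highest segment.
            if seg.time_ms - next_seq_time < window_ms:
                labels.append("out-of-order")
            else:
                labels.append("retransmission")
        else:
            labels.append("new data")
        if next_seq is None or seg.last + 1 > next_seq:
            next_seq = seg.last + 1
            next_seq_time = seg.time_ms
    return labels


# Constructed from the three frames in the post.
POST_TRACE = [Segment(0, 1, 10), Segment(2, 11, 20), Segment(2.1, 1, 20)]
# Same frames, constructed variant: the third one arrives 200 ms later.
DELAYED_TRACE = POST_TRACE[:2] + [Segment(202, 1, 20)]

if __name__ == "__main__":
    for name, trace in (("post", POST_TRACE), ("delayed", DELAYED_TRACE)):
        for seg, label in zip(trace, classify(trace)):
            print(f"{name:8} t={seg.time_ms:<6} seq {seg.first}-{seg.last}: {label}")
```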