7

I'm monitoring the network activity between two processes on compute:42967 and controller:5672 (controller.amqp). It captured compute.42967 sending three SYNs (they have the same seq number), while the receiver only ACKed the third one.

Here is what I got:

18:53:46.777127 IP compute.42967 > controller.amqp: Flags [S], seq 3580103820, win 14600, options [mss 1460,sackOK,TS val 101569289 ecr 0,nop,wscale 7], length 0
18:53:47.779406 IP compute.42967 > controller.amqp: Flags [S], seq 3580103820, win 14600, options [mss 1460,sackOK,TS val 101570292 ecr 0,nop,wscale 7], length 0
18:53:49.783411 IP compute.42967 > controller.amqp: Flags [S], seq 3580103820, win 14600, options [mss 1460,sackOK,TS val 101572296 ecr 0,nop,wscale 7], length 0
18:53:52.786097 IP controller.amqp > compute.42967: Flags [S.], seq 796283360, ack 3580103821, win 14480, options [mss 1460,sackOK,TS val 97164912 ecr 101572296,nop,wscale 7], length 0
18:53:52.786139 IP compute.42967 > controller.amqp: Flags [.], ack 1, win 115, options [nop,nop,TS val 101575298 ecr 97164912], length 0
18:54:02.788808 IP controller.amqp > compute.42967: Flags [R.], seq 1, ack 1, win 114, options [nop,nop,TS val 97174914 ecr 101575298], length 0

The three SYNs differ in val XXXXX, which is in the brackets, such as

[mss 1460,sackOK,TS val 101569289 ecr 0,nop,wscale 7]

Does val distinguish different TCP segments? If not, what does it mean?

xywang

1 Answer

10

The TS value is a TCP timestamp; it helps determine the order that packets were sent -- see https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure

It does not strictly distinguish TCP segments; that is the job of the sequence number, which is after the seq.

Jeff Schaller
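The following is an added example, not part of the original question or answer: it parses the SYN and SYN-ACK lines from the capture in the question and shows that the three SYNs are retransmissions of one segment (same seq), that TS val advances with the sender's clock, and that the SYN-ACK's ecr field echoes the TS val of the SYN being answered. The function names and the regular expression are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Sample input: the three SYNs and the SYN-ACK quoted in the question above.
CAPTURE = """\
18:53:46.777127 IP compute.42967 > controller.amqp: Flags [S], seq 3580103820, win 14600, options [mss 1460,sackOK,TS val 101569289 ecr 0,nop,wscale 7], length 0
18:53:47.779406 IP compute.42967 > controller.amqp: Flags [S], seq 3580103820, win 14600, options [mss 1460,sackOK,TS val 101570292 ecr 0,nop,wscale 7], length 0
18:53:49.783411 IP compute.42967 > controller.amqp: Flags [S], seq 3580103820, win 14600, options [mss 1460,sackOK,TS val 101572296 ecr 0,nop,wscale 7], length 0
18:53:52.786097 IP controller.amqp > compute.42967: Flags [S.], seq 796283360, ack 3580103821, win 14480, options [mss 1460,sackOK,TS val 97164912 ecr 101572296,nop,wscale 7], length 0
"""

# Matches tcpdump text lines that carry both a seq number and a timestamp option.
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+).*?"
    r"TS val (?P<tsval>\d+) ecr (?P<tsecr>\d+)"
)

def parse(capture):
    """Return one dict per matching line, with numeric fields converted."""
    pkts = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            p = m.groupdict()
            p["time"] = datetime.strptime(p["time"], "%H:%M:%S.%f")
            for key in ("seq", "tsval", "tsecr"):
                p[key] = int(p[key])
            pkts.append(p)
    return pkts

def analyze(capture):
    pkts = parse(capture)
    syns = [p for p in pkts if p["flags"] == "S"]
    synack = next(p for p in pkts if p["flags"] == "S.")
    # Identical seq on every SYN: one segment retransmitted, not three segments.
    same_segment = len({p["seq"] for p in syns}) == 1
    # TS val ticks per second of capture time between the first and last SYN.
    wall = (syns[-1]["time"] - syns[0]["time"]).total_seconds()
    ticks_per_sec = round((syns[-1]["tsval"] - syns[0]["tsval"]) / wall)
    # The SYN-ACK's ecr echoes the TS val of the SYN it is replying to.
    answered = [i for i, p in enumerate(syns, 1) if p["tsval"] == synack["tsecr"]]
    return {"syn_count": len(syns), "same_segment": same_segment,
            "ticks_per_sec": ticks_per_sec, "answered_syn": answered}

if __name__ == "__main__":
    print(analyze(CAPTURE))
```

For this capture the result shows three SYNs with one shared seq, a timestamp clock of about 1000 ticks per second, and the SYN-ACK echoing the timestamp of the third SYN.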