connection hang when monitoring high-speed transfer RRS feed

  • Question

  • Hello,

    I have a WFP filter driver which routes stream data through a user-mode application. The application just inspects the data which is then reinjected into the network stack. In most cases everything works fine, but on one system (Windows 7 SP1 x64) when monitoring a large HTTP file transfer from a local server, the connections are dropped randomly. 

    I captured the transfer with NetMon and, from my analysis, it seems that the Windows network stack gets confused and starts sending ACKs for unseen packet.

    For example, the server sends x bytes of data with SEQ number y and the client, instead of sending ACK = y + x, it sends ACK = y + x + some_random_number.

    Anyone else encountering this? Is is a known bug?

    Thank you.

    Tuesday, April 23, 2013 4:02 PM