Ethereal-dev: Re: [Ethereal-dev] Feature request - TCP Retransmission labeling

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ListSrv <listsrv@xxxxxxxxxx>
Date: Wed, 06 Aug 2003 23:38:06 +0200


Guy Harris wrote:


On Wednesday, August 6, 2003, at 1:54 PM, ListSrv wrote:

Actually I am implementing the retransmission-feature. It should identify:
- retransmission number
- the frame number of the original frame
- delta-time of previous retransmitted frame
There is one issue holding up distribution of the feature:
A retransmission can be:
- a real retransmission (SEQ is the same as in the original frame, the IP-identifier
   however is different)
- a duplicated frame (SEQ and IP-identifier are the same, but the MAC-address is
    different but the TTL is dropping (e.g. there is a routing loop))
- none of above (e.g. router-on-a-stick).

Therefore I have to access the MAC-frames from every source and retransmitted
frame. I have not figured that one out.....:(


You're assuming there *IS* a MAC frame or a MAC address. There isn't necessarily one.

Yes, I noticed....life ain't easy ..:)



The current retransmission feature doesn't bother with all that; perhaps it's a 90% solution, but that might be good enough.

It does a good job; however, there are several 'duplicated acks' which are in fact retransmissions. There are also retransmissions (loops and routers-on-a-stick) which aren't retransmissions. So this can be fine-tuned.



If you still want to check the IP identifier, you'd have to modify the IPv4 and IPv6 dissectors to supply it to the dissectors they call.

I modified the IPv4 dissector (and added a field for IP-identifier). How come the full IP-header is not coded into the ip_hdr structure (at least I couldn't find it)?
For IPv6 I have to dive into the IPv6 protocol.



If you still want to check the link-layer address, you can check pinfo->dl_src and pinfo->dl_dst; do *NOT* assume that they're Ethernet-style addresses. Instead, see the "CMP_ADDRESS()", "ADDRESSES_EQUAL()", and "COPY_ADDRESS()" macros in "epan/packet_info.h".

Done that .... I used these macros already.


Note also that, as per my earlier mail, a TCP retransmission can retransmit data from more than one earlier TCP segment....

That's correct, and for Telnet it seems to work. I use the tcp_unacked structure to walk through the unacked list (this isn't 100% because we can get a delayed frame which we already ACKed and removed from the list....)
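
The three cases listed in the message above, written out as an added example that is not part of the original mail or of Ethereal's code. The types `ll_addr` and `seg_info` and the function `classify_segment` are hypothetical names; the code assumes "TTL is dropping" means the later copy has a lower TTL, and it treats a capture with no link-layer address as undecidable rather than assuming Ethernet.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a dissector's link-layer address. len == 0 means
 * the capture carries no link-layer address (not every link type has one). */
typedef struct { int type; size_t len; const uint8_t *data; } ll_addr;

typedef struct {
    uint32_t seq;     /* TCP sequence number */
    uint16_t ip_id;   /* IPv4 identification field */
    uint8_t  ttl;     /* IPv4 time to live */
    ll_addr  dl_src;  /* link-layer source, if any */
} seg_info;

typedef enum { SEG_NEW, SEG_RETRANSMISSION, SEG_DUPLICATE_FRAME, SEG_OTHER } seg_class;

static int ll_present(const ll_addr *a) { return a->len != 0 && a->data != NULL; }

/* Compare by type, length and bytes; never assume a 6-byte Ethernet address. */
static int ll_equal(const ll_addr *a, const ll_addr *b)
{
    return a->type == b->type && a->len == b->len &&
           memcmp(a->data, b->data, a->len) == 0;
}

/* Classify `later` against the earlier frame `orig` of the same TCP flow. */
seg_class classify_segment(const seg_info *orig, const seg_info *later)
{
    if (orig->seq != later->seq)
        return SEG_NEW;                /* not a repeat of orig at all */
    if (orig->ip_id != later->ip_id)
        return SEG_RETRANSMISSION;     /* same SEQ, new IP datagram */
    /* Same SEQ and IP ID: one datagram captured twice. Assumption: "TTL is
     * dropping" means the later copy has a lower TTL than the earlier one. */
    if (ll_present(&orig->dl_src) && ll_present(&later->dl_src) &&
        !ll_equal(&orig->dl_src, &later->dl_src) && later->ttl < orig->ttl)
        return SEG_DUPLICATE_FRAME;
    return SEG_OTHER;                  /* e.g. no link-layer address to compare */
}

/* Constructed sample frames, not taken from a real capture. */
static const uint8_t mac_a[6] = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t mac_b[6] = {0x02, 0, 0, 0, 0, 0x02};
static const seg_info first   = {1000, 0x1234, 64, {1, 6, mac_a}};
static const seg_info resent  = {1000, 0x1235, 64, {1, 6, mac_a}};
static const seg_info looped  = {1000, 0x1234, 62, {1, 6, mac_b}};
static const seg_info no_link = {1000, 0x1234, 63, {0, 0, NULL}};

int main(void) { return classify_segment(&first, &looped) == SEG_DUPLICATE_FRAME ? 0 : 1; }
```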