Wireshark · Ethereal-users: Re: [Ethereal-users] Decoding of TCP sequence numbers contained within ICMP messages

Ethereal-users: Re: [Ethereal-users] Decoding of TCP sequence numbers contained within ICMP mess

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sun, 06 Mar 2005 17:51:50 -0800

Bjorn Townsend wrote:

I was troubleshooting an issue involving path MTU discovery today and
was looking at an ICMP Destination Unreachable packet in Ethereal
0.10.9. I noticed that even though the ICMP packet contained the
source port, destination port and sequence number of the original
datagram, Ethereal only decoded the source and destination port; the
sequence number was recognized as being TCP data but was not decoded.

If by "decoded" you mean "analyzed", as per the TCP sequence numberanalysis, that's by design.

If by "decoded" you mean "displayed as a sequence number or ack number",that's not by design - and the only obvious thing I can see in the codethat would cause it would be the requirement that the entire TCP header(not counting options) be present in the packet. Is that the problem?

If we move the sequence number analysis *after* the point at which weput the sequence numbers into the protocol tree, we might be able to fixthat. Ronnie?

References:
- [Ethereal-users] Decoding of TCP sequence numbers contained within ICMP messages
  - From: Bjorn Townsend

Prev by Date: Re: [Ethereal-users] Decoding of TCP sequence numbers contained within ICMP messages
Next by Date: Fwd: [Ethereal-users] Decoding of TCP sequence numbers contained within ICMP messages
Previous by thread: Re: [Ethereal-users] Decoding of TCP sequence numbers contained within ICMP messages
Next by thread: Fwd: [Ethereal-users] Decoding of TCP sequence numbers contained within ICMP messages
Index(es):
- Date
- Thread