
Wireshark-bugs: [Wireshark-bugs] [Bug 4871] New: Wrong Ack value in TCP flow graph when using re

Date: Fri, 11 Jun 2010 17:46:19 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4871

           Summary: Wrong Ack value in TCP flow graph when using relative
                    sequence numbers
           Product: Wireshark
           Version: 1.4.0
          Platform: Other
        OS/Version: Windows 7
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: rleutert@xxxxxxxxxx


Created an attachment (id=4787)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4787)
Wrong Ack value in first frame of flow graph

Build Information:
Version 1.4.0rc1 (SVN Rev 33190 from /trunk-1.4)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5,
with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
(built Jun 9 2010), with AirPcap.

Running on 32-bit Windows 7, build 7600, with WinPcap version 4.1.1 (packet.dll
version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.8.5, Gcrypt 1.4.5, with AirPcap 4.1.1 build 1838.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When relative sequence number is activated, the first frame (SYN) of the TCP
flow graph contains a wrong Ack number value. This is because this field is
also decremented by the same offset value used for the Ack fields in the
following frames. But as this Ack field is always zero in the first SYN frame,
we end up with the value 2^32 minus offset in this field. See enclosed
screenshot.

Best regards Rolf Leutert
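
The wraparound described in the report above, as an added example that is not Wireshark's code and not part of the original message: subtracting the offset from the zero Ack field of a SYN gives 2^32 minus the offset in 32-bit unsigned arithmetic, while checking the ACK flag first avoids it. The struct, the function names and the sequence numbers are constructed for illustration, and the guarded variant is an assumed fix.

```c
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02u
#define TH_ACK 0x10u

/* Hypothetical segment summary; field names are illustrative, not Wireshark's. */
struct seg { uint8_t flags; uint32_t seq; uint32_t ack; };

/* Behaviour described in the report: the offset (the peer's base sequence
 * number) is subtracted from every Ack field, including the unused zero
 * Ack of the initial SYN. */
static uint32_t rel_ack_naive(const struct seg *s, uint32_t peer_base)
{
    return s->ack - peer_base;          /* 0 - base wraps to 2^32 - base */
}

/* Guarded variant (assumed fix): the Ack field is only meaningful when the
 * ACK flag is set, so report 0 otherwise. Modular subtraction is kept
 * because a real acknowledgement may legitimately wrap past 2^32. */
static uint32_t rel_ack_guarded(const struct seg *s, uint32_t peer_base)
{
    if (!(s->flags & TH_ACK))
        return 0;
    return s->ack - peer_base;
}

int main(void)
{
    const uint32_t server_isn = 0x9E3779B9u;             /* constructed */
    struct seg syn  = { TH_SYN, 1000u, 0u };             /* first frame */
    struct seg ack  = { TH_ACK, 1001u, server_isn + 1u };/* third frame */
    struct seg wrap = { TH_ACK, 1001u, 0x00000010u };    /* Ack past 2^32 */

    printf("SYN  naive=%lu guarded=%lu\n",
           (unsigned long)rel_ack_naive(&syn, server_isn),
           (unsigned long)rel_ack_guarded(&syn, server_isn));
    printf("ACK  guarded=%lu\n",
           (unsigned long)rel_ack_guarded(&ack, server_isn));
    printf("wrap guarded=%lu\n",
           (unsigned long)rel_ack_guarded(&wrap, 0xFFFFFFF0u));
    return 0;
}
```

The last case shows why comparing the Ack value against the offset is not a substitute for the flag check: a valid Ack can be numerically smaller than the base once the sequence space wraps.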
