Wireshark · Wireshark-dev: [Wireshark-dev] Wireshark's ISN handling

Wireshark-dev: [Wireshark-dev] Wireshark's ISN handling

From: Selçuk Cevher <cevhers@xxxxxxxxx>

Date: Mon, 17 Aug 2009 10:45:10 +0300

Hi,

I made some tests with Wireshark using some sample PCAP files.

I noticed that Wireshark stores the sequence number of the first segment belonging to a specific connection that it comes across in the PCAP file as the ISN (initial sequence number) of that connection.

I always thought that there might be a possibility that the first segment of a TCP stream (with the sequence number of ISN+1) may appear "after", for example, 2nd segment of a certain TCP connection.

Was this thought totally wrong that we never come across such a case ? or Does Wireshark not handle such a case which may actually occur in practice ?

Follow-Ups:
- Re: [Wireshark-dev] Wireshark's ISN handling
  - From: ronnie sahlberg

Prev by Date: Re: [Wireshark-dev] Except.c build errors
Next by Date: Re: [Wireshark-dev] Wireshark's ISN handling
Previous by thread: Re: [Wireshark-dev] Except.c build errors
Next by thread: Re: [Wireshark-dev] Wireshark's ISN handling
Index(es):
- Date
- Thread