http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1542
Summary: Incorrect relative TCP sequence numbers in some
instances
Product: Wireshark
Version: 0.99.5
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: kerrw@xxxxxxxx
Build Information:
Version 0.99.5 (SVN Rev 20677)
--
This applies when analyzing traces captured with two NG Sniffer software
versions.
- When viewing Sniffer traces with absolute TCP sequence numbers, the sequence
and ack numbers agree for both Sniffer versions.
- When viewing Sniffer traces with relative TCP sequence numbers, the sequence
and ack numbers differ by 1 depending on the Sniffer software version used to
capture the trace. For example (I'm not sure if I can attach the files, but
I'll try. If I can't, just email me and I'll send the traces):
- In both traces, the absolute sequence and ack numbers agree
- In the trace, WAN_to_LAN_Router_Filtered_Registar_2.cap, frame 8,
captured with a laptop running Sniffer v4.7.5, the relative seq=31 and ack=29.
- In the trace, E1_to_Interact_Filtered_Registar_2.cap, frame 7, captured
with a Distributed Sniffer running v4.70.227, the relative seq=30 and ack=29.
- These two traces are taken at different locations in the network but are
of the same connection. The frame number differs because the DSS appears to
have missed a frame (should have been #2, the SYN,ACK of the 3-way handshake).
Bill Kerr
kerrw@xxxxxxxx
702-592-1845
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
