Wireshark-bugs: [Wireshark-bugs] [Bug 4747] bytes missing in capture
Date: Thu, 6 May 2010 07:13:11 -0700 (PDT)

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #4 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2010-05-06 07:13:09 PDT ---
Well, yes, your capture file is missing a lot of bytes.  For example:

44 2010-05-06 09:00:55.878195             
   TCP      8553 > 9119 [PSH, ACK] Seq=3248537338 Ack=2967433359 Win=64240

is followed immediately by an ACK:

     45 2010-05-06 09:00:55.879303         
Warn     TCP      [TCP ACKed lost segment] 9119 > 8553 [ACK] Seq=2967433359
Ack=3248539798 Win=10220 Len=0

that is (3248539798-3248537338) == 2460 bytes later than what was sent in the
previous packet.  This is noted in the Info column and also in the expert info
attached to the ACK.

You might want to investigate why so many packets are missing from the capture
file--maybe they were dropped during capturing?

Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.