Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4747] bytes missing in capture

Date: Thu, 6 May 2010 07:13:11 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4747

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #4 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2010-05-06 07:13:09 PDT ---
Well, yes, your capture file is missing a lot of bytes.  For example:

44 2010-05-06 09:00:55.878195 172.16.8.115          196.211.215.27             
   TCP      8553 > 9119 [PSH, ACK] Seq=3248537338 Ack=2967433359 Win=64240
Len=1000

is followed immediately by an ACK:

     45 2010-05-06 09:00:55.879303 196.211.215.27        172.16.8.115         
Warn     TCP      [TCP ACKed lost segment] 9119 > 8553 [ACK] Seq=2967433359
Ack=3248539798 Win=10220 Len=0

that is (3248539798-3248537338) == 2460 bytes later than what was sent in the
previous packet.  This is noted in the Info column and also in the expert info
attached to the ACK.

You might want to investigate why so many packets are missing from the capture
file--maybe they were dropped during capturing?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.