ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 10503] New: TCP sequence number rollover: Wireshark incorr

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 25 Sep 2014 18:00:51 +0000
Bug ID 10503
Summary TCP sequence number rollover: Wireshark incorrectly thinks it is retransmission
Product Wireshark
Version 1.12.0
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected] 

Build Information:
Version 1.12.0 (v1.12.0-0-g4fab41a from master-1.12)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 31 2014),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
       Intel(R) Xeon(R) CPU E5-1620 0 @ 3.60GHz, with 8117MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I have a single TCP connection in which one side is sending a lot of bytes.
(Reading from NFS server)  Eventually TCP sequence number rolls over.

The dissector does not understand that the rollover is normal,
and incorrectly identifies the packets after the rollover as retransmissions.


In the trace I will attach:
Problem:
  TCP sequence number rollover.  TCP dissector thinks it is seeing a
retransmission.
  (Also shows up in Expert Infos)


N=724834 src="" Seq=4294965561

N=724836 src="" Seq=7213

N=724854 src="" Seq=117241
  Error: Reassembly error, protocol TCP:    New fragment overlaps old data
(retransmission?)


Thank you.

KH

You are receiving this mail because:
  • You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube