
Wireshark-dev: Re: [Wireshark-dev] sctp TSN plot & retransmissions

From: Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Thu, 20 Aug 2009 16:01:38 +0200

On Aug 20, 2009, at 2:55 PM, Cristian Constantin wrote:

On Thu, Aug 20, 2009 at 12:56:54PM +0200, Michael Tüxen wrote:
On Aug 20, 2009, at 11:47 AM, Cristian Constantin wrote:

hi!

I am trying to plot the tsns in an association's data flow; anyway the
result is not what I expect. here are some details:

0. wireshark on linux/debian:

cco@xxx:~$ dpkg -l | grep wireshark
ii  wireshark         1.2.1-1   network traffic analyzer
ii  wireshark-common  1.2.1-1   network traffic analyser (common files)

1. flow contains handshake as well.
2. at the receiver I have an iptables rule dropping SACKs and DATA on the
input chain. so basically SACKs and DATA chunks arrive, wireshark
also sees them, the application not and that is why it is initiating
retransmissions.
3. if I enable the TSN analysis from the SCTP protocol menu, it will
basically tell me when a CHUNK is retransmitted, that the SACK was
also seen aso.
4. I am trying to plot the TSNs to have an overview (using Telephony/
SCTP/Analyse this association). it is showing all the TSNs up to the
ones that are retransmitted as I have explained at 2. any idea what
happens? is there a maximum number of tsns that are shown on the
graph?

No.

Is wireshark seeing the packets at all? Where are you capturing the
traffic? At the same node where iptables runs? How do iptables and
capturing interact?

cristian: wireshark sees all the packets; I think the packet capture in the
kernel takes place before the packet hits the iptables INPUT chain.
yes, wireshark is running at the same node where iptables runs; again
it sees the packet which is dropped by the iptables (which in this case
are containing SACK/DATA chunks).

here is a drawing:

[ node1: appl. ---- INPUT/iptables ---- wireshark ] ========== node2
              ----------DATA--------------------------------->
                          DROPPED <----------SACK/DATA--------
              ----------DATA(retrans)------------------------>
                          DROPPED <----------SACK(retrans)----

there is traffic also before the rule is added to the input chain;
this traffic is plotted; the one shown above not at all...

I'm not a Linux expert... so I can not comment on that.

Are you seeing packets containing the retransmitted DATA chunks in the
packet list, but not in the TSN plot? If yes, can you send me a capture
file which shows this?

thanks.
bye now!
cristian