Wireshark-dev: Re: [Wireshark-dev] Wireshark may get ISN wrong

From: Matt <mattator@xxxxxxxxx>
Date: Tue, 18 Nov 2014 15:54:55 +0100
Thanks for the suggestion but relative seq nb is a really nice feature
I use for plotting and analyzing data. If the TCP ISN can be 0 (I
believe it can?) then my report qualifies as a bug. The fix should be
a ~10-line patch at the expense of a boolean in tcp_analysis. I am
willing to send a patch for it.

2014-11-17 18:41 GMT+01:00 ronnie sahlberg <ronniesahlberg@xxxxxxxxx>:
> You can just disable relative sequence numbers in the preferences for tcp.
>
>
> On Mon, Nov 17, 2014 at 9:38 AM, Matt <mattator@xxxxxxxxx> wrote:
>> Hi,
>>
>> I use wireshark to examine some traces generated by a network
>> simulator (ns3 www.nsnam.org) which sets the ISN to 0 (no randomization
>> yet).
>> As wireshark assumes base_seq == 0 to be an uninitialized value, it
>> triggers some error as wireshark tries to set again and again the base
>> seq. Here is the output of a single 3WHS (custom printf); in particular,
>> in the 4th line, which is the ACK of the 3WHS, wireshark sets
>> base_seq = seq-1, i.e. 0-1, and it wraps the seq number (ugly).
>>
>> Setting base seq to : 0
>> Setting base seq to : 0
>> Setting rev base seq to : 0
>> Setting base seq to : 4294967295
>> Setting rev base seq to : 0
>> Setting rev base seq to : 0
>> Setting base seq to : 0
>> Setting base seq to : 0
>> Setting rev base seq to : 0
>> Setting base seq to : 0
>> Setting rev base seq to : 0
>> Setting base seq to : 1
>>
>> I understand it seems a corner case but I don't believe having an ISN
>> equal to 0 is forbidden by the RFC?!
>> I was wondering if I could add some boolean such as "base_seq_set" in
>> mptcp_info_t to prevent such a behavior.
>>
>> Regards
>> Matt
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
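
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Wireshark's code: a simplified model comparing "base_seq == 0 means unset" with an explicit boolean flag. `struct flow`, `rel_seq_sentinel`, `rel_seq_flagged` and `replay` are hypothetical names and the trace values are constructed; besides the wrap to 4294967295 it also shows later segments being re-based.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02 /* TCP SYN flag bit */

/* Hypothetical per-direction state: a simplified model, not Wireshark's struct. */
struct flow {
    uint32_t base_seq;     /* sequence number that relative numbering starts from */
    bool     base_seq_set; /* explicit "initialised" marker, used by the flag variant */
};
typedef uint32_t (*rel_fn)(struct flow *f, uint32_t seq, uint8_t flags);

/* Sentinel variant: base_seq == 0 is read as "not set yet". */
static uint32_t rel_seq_sentinel(struct flow *f, uint32_t seq, uint8_t flags)
{
    if (f->base_seq == 0) /* true again on every segment when the ISN is 0 */
        f->base_seq = (flags & TH_SYN) ? seq : seq - 1; /* seq 0 without SYN wraps */
    return seq - f->base_seq;
}

/* Flag variant: the base is recorded exactly once, whatever its value. */
static uint32_t rel_seq_flagged(struct flow *f, uint32_t seq, uint8_t flags)
{
    if (!f->base_seq_set) {
        f->base_seq = (flags & TH_SYN) ? seq : seq - 1;
        f->base_seq_set = true;
    }
    return seq - f->base_seq;
}

/* Replays a constructed trace: a SYN with ISN 0, then non-SYN segments seqs[0..n-1].
   Returns the relative number of the last segment; *f holds the final state. */
static uint32_t replay(rel_fn rel, struct flow *f, const uint32_t *seqs, int n)
{
    *f = (struct flow){0, false};
    uint32_t r = rel(f, 0, TH_SYN);
    for (int i = 0; i < n; i++)
        r = rel(f, seqs[i], 0);
    return r;
}

int main(void)
{
    const uint32_t seqs[] = {1, 101}; /* handshake ACK, then data at seq 101 */
    struct flow a, b;
    printf("relative seq of data at 101: sentinel=%u flag=%u\n",
           (unsigned)replay(rel_seq_sentinel, &a, seqs, 2), (unsigned)replay(rel_seq_flagged, &b, seqs, 2));
    return 0;
}
```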