Wireshark-dev: Re: [Wireshark-dev] Wireshark may get ISN wrong

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Tue, 18 Nov 2014 16:50:25 +0000
Hi Matt,

Thanks for your input, there's information about reporting bugs[1] and submitting patches[2] on the wiki.


On 18 November 2014 16:37, Matt <mattator@xxxxxxxxx> wrote:
Find enclosed a fix for HEAD.

% git diff --stat
 epan/dissectors/packet-tcp.c | 8 +++++---
 epan/dissectors/packet-tcp.h | 5 ++---
 2 files changed, 7 insertions(+), 6 deletions(-)

2014-11-18 15:54 GMT+01:00 Matt <mattator@xxxxxxxxx>:
> Thanks for the suggestion but relative seq nb is a really nice feature
> I use for plotting and analyzing data. If the TCP ISN can be 0 (I
> believe it can?) then my report qualifies as a bug. The fix should be
> a ~10 lines patch at the expense of a boolean in tcp_analysis. I am
> willing to send a patch for it.
>
> 2014-11-17 18:41 GMT+01:00 ronnie sahlberg <ronniesahlberg@xxxxxxxxx>:
>> You can just disable relative sequence numbers in the preferences for tcp.
>>
>>
>> On Mon, Nov 17, 2014 at 9:38 AM, Matt <mattator@xxxxxxxxx> wrote:
>>> Hi,
>>>
>>> I use Wireshark to examine some traces generated by a network
>>> simulator (ns3 www.nsnam.org) which sets the ISN to 0 (no randomization
>>> yet).
>>> As Wireshark assumes base_seq == 0 to be an uninitialized value, it
>>> triggers some error as Wireshark tries to set again and again the base
>>> seq. Here is the output of a single 3WHS (custom printf), in particular
>>> in the 4th line, which is the ACK of the 3WHS, Wireshark sets
>>> base_seq = seq-1, i.e. 0-1, and it wraps the seq number (ugly).
>>>
>>> Setting base seq to : 0
>>> Setting base seq to : 0
>>> Setting rev base seq to : 0
>>> Setting base seq to : 4294967295
>>> Setting rev base seq to : 0
>>> Setting rev base seq to : 0
>>> Setting base seq to : 0
>>> Setting base seq to : 0
>>> Setting rev base seq to : 0
>>> Setting base seq to : 0
>>> Setting rev base seq to : 0
>>> Setting base seq to : 1
>>>
>>> I understand it seems a corner case but I don't believe having an ISN
>>> equal to 0 is forbidden by the RFC?!
>>> I was wondering if I could add some boolean such as "base_seq_set" in
>>> mptcp_info_t to prevent such a behavior.
>>>
>>> Regards
>>> Matt


--
Graham Bloice
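
The failure mode reported in the quoted message, as an added example that is not part of the original thread and is not Wireshark's code: a simplified model in which 0 serves as the "unset" marker for the base sequence number, next to a variant that tracks initialisation with a separate boolean. The `flow` and `seg` structs, the function names and the two-segment sample are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02
#define TH_ACK 0x10

/* Simplified one-direction state (hypothetical, not Wireshark's struct). */
struct flow { uint32_t base_seq; bool base_seq_set; };
struct seg  { uint32_t seq; uint8_t flags; };

/* Constructed sample: SYN with ISN 0, then the handshake ACK carrying
 * seq 0, as the post reports for its ns3 trace. */
static const struct seg client[] = { {0, TH_SYN}, {0, TH_ACK} };

/* Sentinel version: base_seq == 0 doubles as "not initialised yet". */
static void update_sentinel(struct flow *f, const struct seg *s)
{
    if (f->base_seq == 0)
        f->base_seq = (s->flags & TH_SYN) ? s->seq : s->seq - 1; /* 0-1 wraps */
}

/* Flag version: initialisation is tracked separately, so ISN 0 is valid. */
static void update_flag(struct flow *f, const struct seg *s)
{
    if (!f->base_seq_set) {
        f->base_seq = (s->flags & TH_SYN) ? s->seq : s->seq - 1;
        f->base_seq_set = true;
    }
}

/* Replay the sample and return the base sequence number left behind. */
static uint32_t replay(void (*update)(struct flow *, const struct seg *))
{
    struct flow f = { 0, false };
    for (size_t i = 0; i < sizeof client / sizeof client[0]; i++)
        update(&f, &client[i]);
    return f.base_seq;
}

int main(void)
{
    printf("sentinel: base_seq = %u\n", (unsigned)replay(update_sentinel));
    printf("flag:     base_seq = %u\n", (unsigned)replay(update_flag));
    return 0;
}
```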