
Wireshark-users: [Wireshark-users] Filtering sequence numbers between concurrent incoming TCP tra

From: Jeff Bruns <jeff.bruns@xxxxxxxxx>
Date: Sun, 2 May 2010 21:21:24 -0400
Greetings-
I've been using Wireshark to analyze network traffic that's being parsed by a network sniffing perl application. My recent problem is that I've discovered 2 incoming messages, occurring within nanoseconds of each other. I suspect that my network sniffer is trying to reassemble some or all of the packets of both messages into a single message. Obviously the packets from both of these transmissions adhere to one of two sequence number schemes, depending on which message they belong to.

My question is, how can I look at the sequence number of one of these packets and say for sure that it belongs to the first transmission over the second? Actually, to narrow it down a bit, due to the nature of the data I'm sniffing as soon as the SYN packet arrives from the second transmission, I no longer care about the first transmission. So to rephrase my question, how can I look at the sequence number of an incoming packet and identify it as not belonging to the current TCP stream? Is there something I can use such as window size, to say: if seq_num + X > Y then discard because the seq_num is way off what we're working with in the current stream.

Just looking at the sequence numbers from these two streams I can easily tell which packet belongs to which stream. The sequence numbers are significantly different. But how can I make the same determination in my application?

Thanks
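The two checks a sniffer can apply to the situation described in the post, as an added example that is not code from the poster's application (written in Python rather than Perl so it can be run as-is). The first check is the connection 4-tuple (source address, source port, destination address, destination port), which is how TCP itself and Wireshark's tcp.stream index separate conversations; the second is the RFC 793 segment acceptability test, which answers the "if seq_num + X > Y then discard" question precisely: a segment belongs to the current stream only if its first or last byte falls inside the receive window [RCV.NXT, RCV.NXT + RCV.WND), with all arithmetic taken modulo 2^32 so that wraparound is handled. The `Segment` and `CurrentStreamTracker` names, the 65535-byte window default and the sample segments are constructed for this illustration and are not from the original thread.

```python
"""Keeping packets of two interleaved TCP conversations apart.

Added example (Python instead of the poster's Perl), not code from the
original post.  The segments in demo() are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SEQ_MOD = 2 ** 32


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    length: int          # payload bytes carried by the segment
    syn: bool = False


def seq_in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32.

    The modulo makes the test correct across sequence-number wraparound,
    where a plain 'rcv_nxt <= seq' comparison would fail.
    """
    return (seq - rcv_nxt) % SEQ_MOD < rcv_wnd


def acceptable(seq: int, seg_len: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 section 3.3 segment acceptability test (the four listed cases).

    A data-carrying segment is acceptable if either its first or its last
    byte falls inside the receive window; an empty segment must start inside
    the window (or exactly at rcv_nxt when the window is closed).
    """
    if seg_len == 0:
        if rcv_wnd == 0:
            return seq == rcv_nxt
        return seq_in_window(seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False
    last = (seq + seg_len - 1) % SEQ_MOD
    return (seq_in_window(seq, rcv_nxt, rcv_wnd)
            or seq_in_window(last, rcv_nxt, rcv_wnd))


class CurrentStreamTracker:
    """Follow one 'current' stream: each SYN starts a new one and anything
    that does not fit it is discarded, which is the behaviour the post asks for.

    Non-SYN segments must pass two independent tests:
      1. the 4-tuple must match the current stream (how TCP and Wireshark's
         tcp.stream tell conversations apart);
      2. the sequence number must be acceptable for the expected window,
         which also rejects a stale segment that happens to reuse the 4-tuple.
    """

    def __init__(self, rcv_wnd: int = 65535):   # assumed window size for the example
        self.key: Optional[Tuple[str, int, str, int]] = None
        self.rcv_nxt: Optional[int] = None
        self.rcv_wnd = rcv_wnd

    def feed(self, seg: Segment) -> str:
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.syn:
            self.key = key
            self.rcv_nxt = (seg.seq + 1) % SEQ_MOD   # the SYN occupies one sequence number
            return "new-stream"
        if key != self.key:
            return "discard: other 4-tuple"
        if not acceptable(seg.seq, seg.length, self.rcv_nxt, self.rcv_wnd):
            return "discard: seq outside window"
        if seg.seq == self.rcv_nxt:                  # in-order data advances the window
            self.rcv_nxt = (self.rcv_nxt + seg.length) % SEQ_MOD
        return "accepted"


def demo() -> List[str]:
    """Run a constructed trace of two transmissions that overlap in time."""
    a = ("10.0.0.1", 40000, "10.0.0.2", 5000)   # first transmission (constructed)
    b = ("10.0.0.3", 40001, "10.0.0.2", 5000)   # second transmission (constructed)
    trace = [
        Segment(*a, seq=1000, length=0, syn=True),
        Segment(*a, seq=1001, length=100),
        Segment(*b, seq=3_000_000_000, length=0, syn=True),   # second SYN: switch streams
        Segment(*a, seq=1101, length=100),                    # straggler from the first
        Segment(*b, seq=3_000_000_001, length=50),
        Segment(*b, seq=12345, length=50),                    # right 4-tuple, wildly off seq
        Segment(*b, seq=3_000_000_051, length=50),
    ]
    tracker = CurrentStreamTracker()
    return [tracker.feed(s) for s in trace]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

In practice the 4-tuple test alone resolves the poster's case whenever the two transmissions come from different source ports, and it costs nothing to compute from the sniffed headers; the window test is the fallback for the rarer situation where a late segment of the first transmission shares the 4-tuple of the second, where only the randomly chosen initial sequence number tells them apart.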