
Wireshark-users: [Wireshark-users] tcpdump with snaplen set to 128

From: Perry Smith <pedzsan@xxxxxxxxx>
Date: Mon, 15 Oct 2012 14:54:42 -0500
Hi,

With a fairly simple FTP trace where we capture only the first 128 bytes of data, Wireshark displays that it did not see the previous segment. The IP header says that it is a 1500 byte packet. Wireshark is using the capture length of 128 instead of the real packet length. e.g. the next sequence is the current sequence plus the captured length, not the IP packet length.

It also confused the ack processing and says that the packet a particular ack is acking was never seen when in fact it was.

Is this a bug?  Or am I confused?

Thank you,
Perry Smith
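
The two ways of deriving the next expected sequence number that the message contrasts, as an added example (not part of the original post and not Wireshark's code). The frame is constructed, and the names `tcp_next_seq` and `sample_frame` are hypothetical; it assumes untagged Ethernet II framing and IPv4.

```python
import struct

ETH_LEN = 14  # assumption: untagged Ethernet II framing, IPv4 payload

def tcp_next_seq(captured: bytes, from_ip_header: bool = True) -> int:
    """Next expected TCP sequence number after this segment.

    from_ip_header=True sizes the payload from the IPv4 Total Length field
    (the on-the-wire size); False uses only the bytes actually captured.
    """
    ip = captured[ETH_LEN:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not IPv4, or IP header cut off by snaplen")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("TCP header cut off by snaplen")
    seq = struct.unpack_from("!I", tcp, 4)[0]
    data_off = (tcp[12] >> 4) * 4
    ip_len = total_len if from_ip_header else len(ip)
    payload = ip_len - ihl - data_off
    if payload < 0:
        raise ValueError("length fields inconsistent with captured data")
    # SYN and FIN each consume one sequence number
    payload += bool(tcp[13] & 0x02) + bool(tcp[13] & 0x01)
    return (seq + payload) & 0xFFFFFFFF  # sequence space wraps at 2**32

def sample_frame(seq=1000, total_len=1500, snaplen=128) -> bytes:
    """Constructed frame: full-size TCP data segment truncated to snaplen."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 50000, 20, seq, 0, 0x50, 0x10, 65535, 0, 0)
    return (eth + ip + tcp + bytes(total_len - 40))[:snaplen]

if __name__ == "__main__":
    frame = sample_frame()
    print("captured bytes:", len(frame))
    print("next seq from IP total length:", tcp_next_seq(frame))
    print("next seq from captured length:", tcp_next_seq(frame, False))
```
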