Ethereal-dev: Re: [Ethereal-dev] Sequence numbers in TCP segments

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 08 Dec 2005 10:58:14 -0800
Victor wrote:

> I've got a sample capture file which contains a set of TCP segments.
> These TCP segments have a sequence number in their corresponding header
> field. This sequence number seems to be a 32-bit random value.

It's not. See RFC 793; the *starting* sequence number, in both directions, might be random, but once you start with a given sequence number, the sequence numbers increase by N for every N bytes sent (using modulo-2^32 arithmetic).

> If I open
> the sample capture file with Ethereal, these sequence numbers appear as
> logical sequence numbers (such as 0, 17, etc.). Anybody know how
> Ethereal obtains these logical sequence numbers?

Its TCP dissector can be configured to display the sequence numbers relative to the starting sequence number. (tcpdump works similarly - it displays relative sequence numbers unless run with the "-S" flag.)
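
The relative numbering described in this reply, as an added example that is not part of the original message and is not Ethereal's dissector code: each direction's first-seen sequence number becomes the base, and the offset is taken modulo 2^32 so it stays correct across a wrap. The function name, the segment tuple layout and the sample capture are constructed for illustration.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around (RFC 793)


def relative_view(segments):
    """Return (raw_seq, relative_seq, relative_next_seq) for each segment.

    The base for a direction is the first sequence number seen in that
    direction, so both halves of a connection are tracked separately.
    """
    base = {}
    rows = []
    for src, dst, seq, length, flags in segments:
        start = base.setdefault((src, dst), seq)
        rel = (seq - start) % MOD
        # SYN and FIN each consume one sequence number on top of the payload.
        consumed = length + ("S" in flags) + ("F" in flags)
        rows.append((seq, rel, (rel + consumed) % MOD))
    return rows


# Constructed sample: (src, dst, raw_seq, payload_len, flags).
# The client's starting sequence number sits just below 2^32 to force a wrap.
C, S = ("192.0.2.1", 40000), ("192.0.2.2", 80)
CAPTURE = [
    (C, S, 0xFFFFFFF0, 0, "S"),    # client SYN
    (S, C, 0x1A2B3C4D, 0, "SA"),   # server SYN/ACK, independent base
    (C, S, 0xFFFFFFF1, 17, "A"),   # 17 bytes of data
    (C, S, 0x00000002, 100, "A"),  # raw value has wrapped past zero
    (S, C, 0x1A2B3C4E, 50, "A"),
]

# Constructed capture that starts mid-stream, with no SYN seen.
MIDSTREAM = [
    (C, S, 0x7A120001, 17, "A"),
    (C, S, 0x7A120012, 10, "A"),
]

if __name__ == "__main__":
    for (src, dst, *_), (raw, rel, nxt) in zip(CAPTURE, relative_view(CAPTURE)):
        print(f"{src[0]}:{src[1]} -> {dst[0]}:{dst[1]}  "
              f"raw=0x{raw:08X}  rel={rel}  next={nxt}")
```

When the capture begins after the handshake, the first data segment shows as 0 and the next as the number of bytes already sent, which matches the 0 and 17 in the question.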