Ethereal-users: [Ethereal-users] TCP Sequence Number Differs From Sniffer Basic

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Keith French" <keithfrench@xxxxxxxxxxxxxxx>
Date: Wed, 7 Apr 2004 10:03:05 +0100
In Ethereal V 0.10.3 the TCP header seems to report differently to the same trace when viewed in Sniffer Basic (V4.50). As an example Sniffer Basic displays (in the TCP three way handshake to set up the session) :-
 
Source Port
Destination Port
Initial Sequence Number (first frame) or Sequence Number (subsequent frames)
Next Expected Seq Number
Acknowledgement Number (subsequent frames only)
Data Offset etc
 
 
The same viewed with Ethereal shows:-
 
Source Port
Destination Port
Sequence Number (but not the ISN)
Acknowledgement Number (on subsequent frames only not initial one).
Header Length (same number of bytes as Data Offset -seems reasonable)
 
When you get to the first packet in the session (e.g. FTP) Ethereal does show the Next Sequence Number field in the header, but the values for all sequence numbers are totally different to Sniffer Basic.
 
E.G.
For the same packet (first in FTP transfer)
 
Sniffer Basic:-
 
Sequence Number : 3065059825
Next Expected Seq Number :  3065059867
Acknowledgement Number : 481399856
 
Ethereal:-
 
Sequence Number : 1
Next Expected Seq Number :  43
Acknowledgement Number : 1
 
I have looked in the preferences under Protocols/TCP but cannot see anything that might suggest a different way of reporting the same data.
 
Any ideas what is happening?
 
Keith French
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.648 / Virus Database: 415 - Release Date: 31/03/2004