Wireshark · Ethereal-users: Re: [Ethereal-users] TCP Sequence Number Differs From Sniffer Basic

Ethereal-users: Re: [Ethereal-users] TCP Sequence Number Differs From Sniffer Basic

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>

Date: Wed, 7 Apr 2004 19:32:38 +1000

From: Keith French
>The same viewed with Ethereal shows:-
...
>Acknowledgement Number (on subsequent frames only not initial one).

The Acknowledge field is only defined if the ACK flag is set.
If the ACK flag is not set, such as in the initial SYN segment, then the
Acknowledge field is udnefined
and thus lacks meaning.

Since the Acknowledge field is undefined and technically does not exist in
the initial SYN packet (in which ACK flag is 0 and Acknowledge is just
4 random undefined bytes) therefor Ethereal will not dissect this field.

Ethereal only dissects this field when it exists in the packet, i.e. packets
where ACK-flag is set.


Dissecting the Acknowledge field for segments where the ACK bit is not set
would be a bug which should be reported to the vendor.

References:
- [Ethereal-users] TCP Sequence Number Differs From Sniffer Basic
  - From: Keith French

Prev by Date: Re: [Ethereal-users] TCP Sequence Number Differs From Sniffer Basic
Next by Date: Re: [Ethereal-users] Updating Fink package to 0.10.3 (MacOS X)
Previous by thread: Re: [Ethereal-users] TCP Sequence Number Differs From Sniffer Basic
Next by thread: [Ethereal-users] Updating Fink package to 0.10.3 (MacOS X)
Index(es):
- Date
- Thread