Wireshark · Ethereal-users: Re: [Ethereal-users] out of order packets

Ethereal-users: Re: [Ethereal-users] out of order packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Peter Bruno <brunopeter2001@xxxxxxxxx>

Date: Thu, 18 May 2006 12:33:45 -0700 (PDT)

Further details:  running version 0.99.0 and WinPcap
version 4.0 alpha1 (same behavior with previous
version (non-Beta) of WinPcap).

1) A -> B [TCP Previous segment lost] Continuation or
non-HTTP traffic
2) A <- B [TCP Dup ACK] SLE=### SRE=###
3) A -> B [TCP Fast Retransmission] [TCP segment of a
reassembled PDU]

Peter

Peter Bruno wrote:
> If packets are recieved out of order (determined by
> looking at the IP Identification),

Or, presumably, by looking at the TCP sequence
number...

> they are flagged as
> 'TCP Previous segment lost' and then the next packet
> as 'TCP Fast Retransmission'.
>
> Is it possible to disable this part of the TCP
> analysis without having to turn off all analysis?

Not as far as I know - but the TCP analysis should
handle OOO packets
correctly.  For example, "TCP Previous segment lost"
should perhaps be
"TCP Previous segment lost or out of order".

Ronnie, when did the rewritten TCP analysis go in, and
did it fix these
problems?

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

Follow-Ups:
- Re: [Ethereal-users] out of order packets
  - From: ronnie sahlberg

Prev by Date: [Ethereal-users] Capture the TOKEN in a token ring network ?????
Next by Date: Re: [Ethereal-users] out of order packets
Previous by thread: Re: [Ethereal-users] out of order packets
Next by thread: Re: [Ethereal-users] out of order packets
Index(es):
- Date
- Thread