http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1680
Summary: Error in TCP Sequence number analysis
Product: Wireshark
Version: 0.99.5
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Minor
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: c.koenning@xxxxxx
Build Information:
Version 0.99.5 (SVN Rev 20677)
Compiled with GTK+ 2.10.7, with GLib 2.12.7, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0
(packet.dll version 4.0.0.755), based on libpcap version 0.9.5, without
AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
--
The tcp sequence number analysis marks TCP sequences as possible retransmission
or suspects lost fragments when the last connection was not closed properly by
a 4 way handshake but closed by a oneside FIN and RST.
This is a bit confusion when analysing a lot of data.
As you can see in frame 18 the sequence number analysis results in
[A segment before this frame was lost]
And also in frame 22 sequence number analysis results in
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[The RTO for this segment was: 15.817093000 seconds]
[RTO based on delta from frame: 14]
Best regards,
Christian Koenning
atached the trace in TXT format.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.