https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4871
Summary: Wrong Ack value in TCP flow graph when using relative sequence numbers
Product: Wireshark
Version: 1.4.0
Platform: Other
OS/Version: Windows 7
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: rleutert@xxxxxxxxxx
Created an attachment (id=4787)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4787)
Wrong Ack value in first frame of flow graph
Build Information:
Version 1.4.0rc1 (SVN Rev 33190 from /trunk-1.4)
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5,
with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
(built Jun 9 2010), with AirPcap.
Running on 32-bit Windows 7, build 7600, with WinPcap version 4.1.1 (packet.dll
version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.8.5, Gcrypt 1.4.5, with AirPcap 4.1.1 build 1838.
Built using Microsoft Visual C++ 9.0 build 30729
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
When relative sequence number is activated, the first frame (SYN) of the TCP
flow graph contains a wrong Ack number value. This is because this field is
also decremented by the same offset value used for the Ack fields in the
following frames. But as this Ack field is always zero in the first SYN frame,
we are ending up having the value 2^32 minus offset in this field. See enclosed
screenshot.
Best regards Rolf Leutert
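The wraparound described in the report, as an added example that is not part of the original report and is not Wireshark's code: subtracting the peer's initial sequence number from the zero Ack field of a SYN yields 2^32 minus the offset in unsigned 32-bit arithmetic. The function names, the constructed handshake values and the guard on the ACK flag are assumptions chosen for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02u /* TCP SYN flag bit */
#define TH_ACK 0x10u /* TCP ACK flag bit */

/* Hypothetical: subtracts the offset unconditionally, as the report describes. */
static uint32_t rel_ack_naive(uint32_t raw_ack, uint32_t peer_isn)
{
    return raw_ack - peer_isn; /* wraps modulo 2^32 */
}

/* Hypothetical guard: the Ack field only carries meaning when ACK is set. */
static uint32_t rel_ack_guarded(uint8_t flags, uint32_t raw_ack, uint32_t peer_isn)
{
    if (!(flags & TH_ACK))
        return 0; /* e.g. the initial SYN: show 0, do not apply the offset */
    /* Modular subtraction stays correct when the raw Ack has wrapped past 2^32. */
    return raw_ack - peer_isn;
}

int main(void)
{
    /* Constructed three-way handshake: client ISN 1000000, server ISN 3000000000. */
    const uint32_t server_isn = UINT32_C(3000000000);
    const struct { const char *name; uint8_t flags; uint32_t ack; uint32_t base; } segs[] = {
        { "SYN (client)", TH_SYN,          0,                      server_isn },
        { "ACK (client)", TH_ACK,          UINT32_C(3000000001),   server_isn },
        { "ACK, wrapped", TH_ACK,          UINT32_C(5),            UINT32_C(4294967290) },
    };

    for (size_t i = 0; i < sizeof segs / sizeof segs[0]; i++) {
        printf("%-13s naive=%" PRIu32 " guarded=%" PRIu32 "\n", segs[i].name,
               rel_ack_naive(segs[i].ack, segs[i].base),
               rel_ack_guarded(segs[i].flags, segs[i].ack, segs[i].base));
    }
    return 0;
}
```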