Wireshark-bugs: [Wireshark-bugs] [Bug 12855] Follow TCP Stream shows duplicate stream data

Date: Tue, 22 Nov 2016 08:22:36 +0000

changed bug 12855


What        Removed   Added
Status      RESOLVED  CONFIRMED
Resolution  FIXED     ---

Comment # 27 on bug 12855 from
I'd like to open this bug up again. I tried Wireshark 2.2.2, but unfortunately
it did not always fix the issue of showing overlapping/duplicate
packets.

Attached files:

hao123-com_packet-injection-filtered.pcap
TCP packet injection attack from my SharkFest Europe talk
https://sharkfesteurope.wireshark.org/assets/presentations16eu/10.pdf

hao123-com_packet-injection-filtered.png
Screenshot of Wireshark 2.2.2's Follow TCP Stream showing both the injected
packet and the real packet even though they have the same TCP sequence number.
Correct behaviour would be to skip the first 74 bytes of the second overlap,
since we have already read 74 bytes from the first overlapping segment.
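
The overlap handling described in the comment above, as an added example (not Wireshark's code and not part of the original bug comment): a first-wins reassembler that skips bytes already delivered and reports overlaps whose content differs. The function name, the relative sequence numbers and the sample segments are constructed assumptions.

```python
"""First-wins TCP payload reassembly: skip bytes that were already delivered
and report overlaps whose content differs (a sign of packet injection)."""

# Constructed sample (not taken from the attached pcap): a 74-byte segment
# followed by a longer segment that carries the same TCP sequence number.
INJECTED = b"I" * 74
GENUINE = b"G" * 74 + b"rest-of-genuine-segment"
SAMPLE = [(1, INJECTED), (1, GENUINE)]


def follow_stream(segments, isn=0):
    """segments: (seq, payload) tuples in capture order, one direction only.

    Returns (stream, conflicts). conflicts holds (seq, kept, dropped) for each
    overlap where the later segment carried different bytes for the same range.
    Assumptions: seq >= isn, and sequence numbers do not wrap.
    """
    stream = bytearray()
    conflicts = []
    pending = []  # out-of-order segments waiting for a gap to be filled

    def deliver(seq, payload):
        next_seq = isn + len(stream)
        if seq > next_seq:
            return False               # gap before this segment, keep waiting
        skip = next_seq - seq          # bytes of this segment already delivered
        start = seq - isn
        old = bytes(stream[start:start + min(skip, len(payload))])
        new = payload[:len(old)]
        if old != new:                 # same range, different bytes
            conflicts.append((seq, old, new))
        stream.extend(payload[skip:])  # only bytes past next_seq are new
        return True

    for segment in segments:
        pending.append(segment)
        progress = True
        while progress:                # retry buffered segments after a delivery
            progress = False
            for item in list(pending):
                if deliver(*item):
                    pending.remove(item)
                    progress = True
    return bytes(stream), conflicts
```

With `SAMPLE` and `isn=1`, the second segment contributes only the bytes after its first 74, and the differing 74-byte overlap is returned in `conflicts` so it can be flagged rather than silently displayed twice.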

