Wireshark · Wireshark-dev: [Wireshark-dev] Migration from Ethereal to Wireshark - differences

Wireshark-dev: [Wireshark-dev] Migration from Ethereal to Wireshark - differences

From: "Malaviya, Keyur" <keyurm@xxxxxxxxxxxx>

Date: Thu, 22 Jan 2009 10:23:02 -0800

Hello,

We were using Ethereal to parse PCAP files and now we migrated to Wireshark.

There are a numbers of differences between the output of Ethereal and Wireshark.

We are concerned about the sequence number differences and want to confirm with you the reason for the difference.

From Wireshark Wiki, I found “relative sequence number” settings and as per this Ethereal always starts with sequence number “0”. But Wireshark starts with sequence number “1” and it has one number higher for every sequence number and ACK packets compared to ethereal. Why this difference? Does Wireshark require some settings or parameter to be set?

Please advice,

---

Thanks and regards,

Keyur.

Follow-Ups:
- Re: [Wireshark-dev] Migration from Ethereal to Wireshark - differences
  - From: Sake Blok

Prev by Date: Re: [Wireshark-dev] Desperate question on a Windows based wireshark setup
Next by Date: Re: [Wireshark-dev] Migration from Ethereal to Wireshark - differences
Previous by thread: Re: [Wireshark-dev] Desperate question on a Windows based wireshark setup
Next by thread: Re: [Wireshark-dev] Migration from Ethereal to Wireshark - differences
Index(es):
- Date
- Thread