On Thu, Jan 22, 2009 at 10:23:02AM -0800, Malaviya, Keyur wrote:
>
> We are concerned about the sequence number differences and want to confirm
> with you the reason for the difference.
>
> From the Wireshark Wiki, I found the "relative sequence number" settings and, as
> per this, Ethereal always starts with sequence number "0". But Wireshark
> starts with sequence number "1" and it has one number higher for every
> sequence number and ACK packet compared to Ethereal. Why this difference?
> Does Wireshark require some settings or parameter to be set?

Have a look at bug 1542
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1542):
the code that calculates sequence numbers has been corrected to behave
in a more predictable way when comparing tracefiles. Is it true that in
your capture file, the SYN or the SYN/ACK are missing?

Could you compare the output of Ethereal and Wireshark on a capture file
that includes the whole TCP session (3-way handshake, data, FIN/FIN)?
Any differences now? If so, please provide full version information on
both Ethereal and Wireshark, the capture file and the relative sequence
numbers that Ethereal produces on the first 5 packets (SYN, SYN/ACK,
ACK, data from client, ACK from server).

Cheers,
Sake
PS It's better to use the "wireshark-users" list for this type of question,
as it does not involve development, as it is more of a usage question.
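
Added example, not part of the original message and not code from Wireshark or Ethereal: a small model of how the choice of base sequence number produces the 0-versus-1 difference asked about when a capture lacks the SYN and SYN/ACK. The two base-selection rules, the packet tuples and all names are assumptions constructed to match the behaviour described in this thread.

```python
# Model of relative TCP sequence numbering, per direction of one session.
# Assumption: rule A ("first seen") uses the first observed sequence number as
# the base; rule B ("SYN-aware") uses seq - 1 when the first observed segment
# is not a SYN, because the unseen SYN consumed one sequence number.

SYN, ACK = 0x02, 0x10
MASK = 0xFFFFFFFF  # TCP sequence numbers wrap at 2**32

# Constructed sample session: (direction, flags, absolute seq, payload length)
FULL = [
    ("c2s", SYN,       4294967295, 0),    # SYN, ISN just below the wrap point
    ("s2c", SYN | ACK, 5000,       0),    # SYN/ACK
    ("c2s", ACK,       0,          0),    # ACK (sequence number has wrapped)
    ("c2s", ACK,       0,          100),  # data from client
    ("s2c", ACK,       5001,       0),    # ACK from server
]
# Same session, but the capture started after the SYN and SYN/ACK.
TRUNCATED = FULL[2:]


def relative_seqs(packets, syn_aware):
    """Return [(direction, relative_seq)] for each packet, in order."""
    base = {}  # direction -> base sequence number
    result = []
    for direction, flags, seq, _length in packets:
        if direction not in base:
            if (flags & SYN) or not syn_aware:
                base[direction] = seq
            else:
                # Handshake not captured: compensate for the missing SYN.
                base[direction] = (seq - 1) & MASK
        result.append((direction, (seq - base[direction]) & MASK))
    return result


if __name__ == "__main__":
    for name, pkts in (("full", FULL), ("truncated", TRUNCATED)):
        for syn_aware in (False, True):
            rule = "SYN-aware" if syn_aware else "first seen"
            print(f"{name:9} {rule:10}", relative_seqs(pkts, syn_aware))
```

With the full handshake present both rules agree; on the truncated capture only the SYN-aware rule gives the same relative numbers that the same packets have in the full capture, which is what makes two tracefiles of one session comparable.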