Wireshark-users: Re: [Wireshark-users] Ack number always equals 1

From: Giovanni Parodi <giovanniparodi79@xxxxxxxx>
Date: Mon, 26 Oct 2009 01:10:18 -0700 (PDT)



Da: "wireshark-users-request@xxxxxxxxxxxxx" <wireshark-users-request@xxxxxxxxxxxxx>
A: wireshark-users@xxxxxxxxxxxxx
Inviato: Dom 25 ottobre 2009, 20:00:03
Oggetto: Wireshark-users Digest, Vol 41, Issue 40

Send Wireshark-users mailing list submissions to
    wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
    https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
    wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
    wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

  1. Re: Ack number always equals 1 (Richard Bejtlich)
  2. Re: Ack number always equals 1 (dan meyer)


----------------------------------------------------------------------

Message: 1
Date: Sat, 24 Oct 2009 15:42:15 -0400
From: Richard Bejtlich <taosecurity@xxxxxxxxx>
Subject: Re: [Wireshark-users] Ack number always equals 1
To: Community support list for Wireshark
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
    <120ef0530910241242w62896df1rc5e1563775213e98@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

On Sat, Oct 24, 2009 at 12:02 PM, Giovanni Parodi
<giovanniparodi79@xxxxxxxx> wrote:
>
> Good morning everyone,
> I'm a newbye in networking application and I trying to debug a strange
> problem that I have sending through TCP protocol some data from a DSP based
> system to a PC application
> The problem is that that the application running on PC disconnects after few
> packets, and so I used wireshark to debug the problem.
> It seems some packet get lost (I use a cross cable to connect the devices)
> and that the system isn't able to recover from such a problem.
> Furthermore I found out that Acknowledgement number generated by the DSP
> runnign the server appl always equals 1.
> Do you have any idea about some wrong setting that could generate such a
> behaviour?
> Giovanni
>

Hi Giovanni,

10.31.11.31 always sends relative TCP ACK 1 because 10.31.11.219 never
sends any application layer data.  10.31.11.31 is always waiting for
10.31.11.219 to send its first byte of application layer data, but
that never happens.  10.31.11.31 is the system that sends all the data
in your conversation (23,109 bytes).

The incorrect TCP checksum 0x2b52 could be added by the NIC as
indicated by Wireshark's message (TCP Checksum offload?" or it could
be hardcoded by the app on 10.31.11.219.  Where did you perform the
capture?

Why do you think "the system isn't able to recover from such a
problem"?  I see the missing bytes of data are retransmitted such that
10.31.11.219 ACKs 49281 before 10.31.11.219 tears down the connection
with a RST ACK.

Sincerely,

Richard


------------------------------

Message: 2
Date: Sat, 24 Oct 2009 15:21:48 -0500
From: dan meyer <dan@xxxxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Ack number always equals 1
To: Community support list for Wireshark
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
    <2cf95dc10910241321o68aa7b7cxd8a476fe9b0ed53f@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Hello Giovanni

>From http://wiki.wireshark.org/TCP_Relative_Sequence_Numbers

'By default Wireshark and TShark will keep track of all TCP sessions and
convert all Sequence Numbers (SEQ numbers) and Acknowledge Numbers (ACK
Numbers) into relative numbers. '

Since you are using a crossover cable, it's very unlikely you have a network
problem. That leaves OS, driver or application issues. If other apps don't
have any network problems, your application is probably at fault here

Good luck, and let us know what you find!

-- Dan Meyer

On Sat, Oct 24, 2009 at 11:02 AM, Giovanni Parodi <giovanniparodi79@xxxxxxxx
> wrote:

>
> Good morning everyone,
> I'm a newbye in networking application and I trying to debug a strange
> problem that I have sending through TCP protocol some data from a DSP based
> system to a PC application
> The problem is that that the application running on PC disconnects after
> few packets, and so I used wireshark to debug the problem.
> It seems some packet get lost (I use a cross cable to connect the devices)
> and that the system isn't able to recover from such a problem.
> Furthermore I found out that Acknowledgement number generated by the DSP
> runnign the server appl always equals 1.
> Do you have any idea about some wrong setting that could generate such a
> behaviour?
> Giovanni
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>            mailto:wireshark-users-request@xxxxxxxxxxxxx
> ?subject=unsubscribe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091024/1311d313/attachment.htm

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 41, Issue 40
***********************************************



Hello    everybody,
first thanks a lot everybody.
Dear Richard you are right 219 never sends app data, I misunderstood the way ack works.
For the checksum it is fine I thinks it's something related to my NIC since any TCP message has this "bug", so I locally disabled the check on my Wireshark.
You are right the missing packet is retransmit by the 31 system and 219 acks it, I have to improve my knowlege of Wireshark (it was Sunday, please be patient :-D).
I will search for application level "bugs".
Thanks a lot for your help
Giovanni

__________________________________________________
Do You Yahoo!?
Poco spazio e tanto spam? Yahoo! Mail ti protegge dallo spam e ti da tanto spazio gratuito per i tuoi file e i messaggi
http://mail.yahoo.it