Ethereal-users: [Ethereal-users] May be a small visualization bug in 10.6 version

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Camp0s" <camp0s@xxxxxxxxx>
Date: Wed, 17 Nov 2004 21:07:57 +0100
Hi, I'm new to this list and I've been using Ethereal in the school lab for 3 weeks.
Well, I don't know for sure, but during a test of what happens when I telnet
to a machine at a port without a service behind it (e.g. 7777) I get incorrect
SEQ->ACK numbers in the visualization. In brief, the request should be:

telnet 10.0.0.2 7777

10.0.0.50 --> 10.0.0.2  1057-->7777 [SYN]      SEQ=0, ACK=0
10.0.0.2  --> 10.0.0.50 7777-->1057 [RST,ACK]  SEQ=0, ACK=1

If it is correct, the ACK is set to one in the reply.
Now, look at the capture, and at the second packet:

1° packet
--------------------------------------------------------------------------------

No. Time      Source     Destination  Protocol Info
1   0.000000  10.0.0.50  10.0.0.2     TCP      1057 > 7777 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1949340 TSER=0 WS=0

Frame 1 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: 00:04:76:e0:b2:af, Dst: 00:0a:5e:1f:fd:5b
Internet Protocol, Src Addr: 10.0.0.50 (10.0.0.50), Dst Addr: 10.0.0.2 (10.0.0.2)
Transmission Control Protocol, Src Port: 1057 (1057), Dst Port: 7777 (7777), Seq: 0, Ack: 0, Len: 0
    Source port: 1057 (1057)
    Destination port: 7777 (7777)
    Sequence number: 0    (relative sequence number)
    Header length: 40 bytes
    Flags: 0x0002 (SYN)
    Window size: 5840
    Checksum: 0xd6b8 (correct)
    Options: (20 bytes)

0000  00 0a 5e 1f fd 5b 00 04 76 e0 b2 af 08 00 45 10   ..^..[..v.....E.
0010  00 3c 73 6a 40 00 40 06 b3 0e 0a 00 00 32 0a 00   .<sj@.@......2..
0020  00 02 04 21 1e 61 97 18 cd f6 00 00 00 00 a0 02   ...!.a..........
0030  16 d0 d6 b8 00 00 02 04 05 b4 04 02 08 0a 00 1d   ................
0040  be 9c 00 00 00 00 01 03 03 00                     ..........

2° packet
--------------------------------------------------------------------------------

No. Time      Source    Destination  Protocol Info
2   0.000077  10.0.0.2  10.0.0.50    TCP      7777 > 1057 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0

Frame 2 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0a:5e:1f:fd:5b, Dst: 00:04:76:e0:b2:af
Internet Protocol, Src Addr: 10.0.0.2 (10.0.0.2), Dst Addr: 10.0.0.50 (10.0.0.50)
Transmission Control Protocol, Src Port: 7777 (7777), Dst Port: 1057 (1057), Seq: 0, Ack: 0, Len: 0
    Source port: 7777 (7777)
    Destination port: 1057 (1057)
    Sequence number: 0    (relative sequence number)
    Acknowledgement number: 0    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0014 (RST, ACK)
    Window size: 0
    Checksum: 0x140b (correct)
    SEQ/ACK analysis

0000  00 04 76 e0 b2 af 00 0a 5e 1f fd 5b 08 00 45 10   ..v.....^..[..E.
0010  00 28 00 00 40 00 40 06 26 8d 0a 00 00 02 0a 00   .(..@.@.&.......
0020  00 32 1e 61 04 21 00 00 00 00 97 18 cd f7 50 14   .2.a.!........P.
0030  00 00 14 0b 00 00 00 00 00 00 00 00               ............

From the last packet, Ethereal shows the ACK still set at 0... (should be 1?)
But, if you look into the raw data bytes:

For the 1st packet: 	97 18 cd f6
For the second packet:	97 18 cd f7

... And the difference is correctly 1, as ACK should be incremented.

What do you think? Did I make some mistake, did I misunderstand, or is it a bug?

------------------------------------------------
One Italian is a Latin lover, two Italians are
a mess, three Italians make four political parties.
http://camp0s.altervista.org
www.tiformattoilpc.info (UP 21 to 8 o'clock)
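
Added example (not part of the original post, and not Ethereal's own code): a short Python script that decodes the TCP headers from the two hex dumps above and computes relative sequence and acknowledgement numbers by subtracting the first raw sequence number seen in each direction. That base-subtraction method and the names parse_tcp and relative_view are assumptions made for this illustration.

```python
import struct

# Frame bytes copied from the two hex dumps in the post above.
FRAME1 = bytes.fromhex("""
    00 0a 5e 1f fd 5b 00 04 76 e0 b2 af 08 00 45 10
    00 3c 73 6a 40 00 40 06 b3 0e 0a 00 00 32 0a 00
    00 02 04 21 1e 61 97 18 cd f6 00 00 00 00 a0 02
    16 d0 d6 b8 00 00 02 04 05 b4 04 02 08 0a 00 1d
    be 9c 00 00 00 00 01 03 03 00
""")
FRAME2 = bytes.fromhex("""
    00 04 76 e0 b2 af 00 0a 5e 1f fd 5b 08 00 45 10
    00 28 00 00 40 00 40 06 26 8d 0a 00 00 02 0a 00
    00 32 1e 61 04 21 00 00 00 00 97 18 cd f7 50 14
    00 00 14 0b 00 00 00 00 00 00 00 00
""")

def parse_tcp(frame):
    """Return the TCP header fields of an Ethernet II / IPv4 / TCP frame."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not an IPv4/TCP frame")
    tcp = 14 + (frame[14] & 0x0F) * 4      # skip Ethernet header + IP header (IHL)
    sport, dport, seq, ack, off_flags = struct.unpack_from("!HHIIH", frame, tcp)
    return {"src": (frame[26:30], sport), "dst": (frame[30:34], dport),
            "seq": seq, "ack": ack, "flags": off_flags & 0x3F}

def relative_view(frames):
    """Return (relative seq, relative ack) per frame; ack is None when the
    ACK flag is clear or no sequence number from the peer has been seen."""
    base = {}                               # first raw seq seen per direction
    out = []
    for frame in frames:
        h = parse_tcp(frame)
        fwd, rev = (h["src"], h["dst"]), (h["dst"], h["src"])
        base.setdefault(fwd, h["seq"])
        rel_seq = (h["seq"] - base[fwd]) % 2**32
        rel_ack = None
        if h["flags"] & 0x10 and rev in base:   # 0x10 = ACK flag
            rel_ack = (h["ack"] - base[rev]) % 2**32
        out.append((rel_seq, rel_ack))
    return out

if __name__ == "__main__":
    for n, (s, a) in enumerate(relative_view([FRAME1, FRAME2]), 1):
        print(f"frame {n}: relative seq={s} relative ack={a}")
```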