Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 1680] New: Error in TCP Sequence number analysis

[bugzilla-daemon@xxxxxxxxxxxxx]

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1680

           Summary: Error in TCP Sequence number analysis
           Product: Wireshark
           Version: 0.99.5
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Minor
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: c.koenning@xxxxxx


Build Information:
Version 0.99.5 (SVN Rev 20677)

Compiled with GTK+ 2.10.7, with GLib 2.12.7, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0
(packet.dll version 4.0.0.755), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804
--
The tcp sequence number analysis marks TCP sequences as possible retransmission
or suspects lost fragments when the last connection was not closed properly by
a 4 way handshake but closed by a oneside FIN and RST.

This is a bit confusion when analysing a lot of data.


As you can see in frame 18 the sequence number analysis results in 
[A segment before this frame was lost]

And also in frame 22 sequence number analysis results in 
 [TCP Analysis Flags]
            [This frame is a (suspected) retransmission]
            [The RTO for this segment was: 15.817093000 seconds]
            [RTO based on delta from frame: 14]

Best regards,

Christian Koenning

atached the trace in TXT format.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.