Wireshark-bugs: [Wireshark-bugs] [Bug 8173] New: Exported TCP packet with invalid sequence numbe
Date: Tue, 08 Jan 2013 15:06:26 +0000
Bug ID: 8173
Summary: Exported TCP packet with invalid sequence number not recognized
Classification: Unclassified
Product: Wireshark
Version: 1.8.4
Hardware: x86
OS: Windows 7
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: Wireshark
Assignee: bugzilla-admin@wireshark.org
Reporter: cottonke@gmail.com

Created attachment 9779
Zip file of original and exported captures

Build Information:
Version 1.8.4 (SVN Rev 46250 from /trunk-1.8)

Copyright 1998-2012 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.10, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.2, with WinPcap (4_1_2), with libz 1.2.5, without POSIX capabilities,
with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS
2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio
V19-devel (built Nov 28 2012), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 10.0 build 40219
--
While capturing some TCP connection problems we were having, we noticed invalid
sequence numbers being sent by one end. These were marked properly in the
original capture as being invalid packets.

An export was done on only the packet range related to the offending TCP
connection. This was done via the File -> Export Specified Packets ... menu
option. Then the value "1697-1759" was entered in the Range text input, a file
name was specified, and the Save button was clicked.

The exported capture shows the sequence and ack numbers to be correct in the
Info column of the "packet list" frame (default top frame), but inspection of
the packet details shows that these numbers are in fact incorrect.

The exported and original packet captures have been attached for inspection.

