Wireshark-dev: Re: [Wireshark-dev] Getting ACK/SEQ numbers in a dissector
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 24 Mar 2008 23:24:12 -0700
Greg Sinclair wrote:

Its the <sequence number..> part I need help filling in. Can someone
help me figure out how to do this in a regular dissector function? And
to make matters worse, I'd need the relative sequence number instead of
the absolute sequence number.

There's no guarantee that you have the initial 3-way handshake in a capture, so there's no guarantee that you *can* have the relative sequence number.

Currently, I don't think there's any way to get the relative sequence number even if it *is* known, and there's definitely no way to determine whether it's known.