Wireshark · Wireshark-users: Re: [Wireshark-users] Filtering sequence numbers between concurrent incoming TCP transmissions

Wireshark-users: Re: [Wireshark-users] Filtering sequence numbers between concurrent incoming TCP

From: Richard Bejtlich <taosecurity@xxxxxxxxx>

Date: Mon, 3 May 2010 07:50:06 -0400

On Sun, May 2, 2010 at 9:21 PM, Jeff Bruns <jeff.bruns@xxxxxxxxx> wrote:
> Greetings-
> I've been using Wireshark to analyze network traffic that's being parsed by
> a network sniffing perl application. My recent problem is that I've
> discovered 2 incoming messages, occuring within nanoseconds of each other. I
> suspect that my network sniffer is trying to reassemble some or all of the
> packets of both messages into a single message. Obviously the packets from
> both of these transmissions adhere to one of two sequence number schemes,
> depending on which message they belong to.
>

Hello,

Do you mean to say you have two TCP segments, such that

Msg 1: Src IP A Src Port B -> Dst IP C Dst Port D

and

Msg 2: Src IP A Src Port B -> Dst IP C Dst Port D

?

In other words, you expect your application to differentiate between
segments based on sequence number alone?

Sincerely,

Richard

Follow-Ups:
- Re: [Wireshark-users] Filtering sequence numbers between concurrent incoming TCP transmissions
  - From: Jeff Bruns

References:
- [Wireshark-users] Filtering sequence numbers between concurrent incoming TCP transmissions
  - From: Jeff Bruns

Prev by Date: Re: [Wireshark-users] RST flag at end of TCP transmission
Next by Date: Re: [Wireshark-users] Error while starting Wireshark 1.2.7
Previous by thread: [Wireshark-users] Filtering sequence numbers between concurrent incoming TCP transmissions
Next by thread: Re: [Wireshark-users] Filtering sequence numbers between concurrent incoming TCP transmissions
Index(es):
- Date
- Thread