Wireshark mailing list archives

Re: TCP sequence number

From: Guy Harris <guy () alum mit edu>
Date: Tue, 22 Dec 2009 18:55:55 -0800


On Dec 22, 2009, at 6:29 PM, Rayne wrote:

I would like to know how Wireshark reads the sequence number. I have a packet with the Sequence number displayed as 
3273, but the corresponding bytes are "2e b2 cf 43". How did Wireshark get 3273 from 2e b2 cf 43?


By fetching the bytes in question in network byte order, and then subtracting the initial sequence number for the TCP 
connection from it.

(I.e., by default, it displays relative sequence numbers, not absolute sequence numbers.)

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

TCP sequence number Rayne (Dec 22)
- Re: TCP sequence number Guy Harris (Dec 22)
- Re: TCP sequence number Ian Schorr (Dec 22)