Wireshark mailing list archives
Re: Ack number always equals 1
From: Giovanni Parodi <giovanniparodi79 () yahoo it>
Date: Mon, 26 Oct 2009 01:10:18 -0700 (PDT)
________________________________
From: "wireshark-users-request () wireshark org" <wireshark-users-request () wireshark org>
To: wireshark-users () wireshark org
Sent: Sun 25 October 2009, 20:00:03
Subject: Wireshark-users Digest, Vol 41, Issue 40

Today's Topics:

1. Re: Ack number always equals 1 (Richard Bejtlich)
2. Re: Ack number always equals 1 (dan meyer)

----------------------------------------------------------------------

Message: 1
Date: Sat, 24 Oct 2009 15:42:15 -0400
From: Richard Bejtlich <taosecurity () gmail com>
Subject: Re: [Wireshark-users] Ack number always equals 1
To: Community support list for Wireshark <wireshark-users () wireshark org>

On Sat, Oct 24, 2009 at 12:02 PM, Giovanni Parodi <giovanniparodi79 () yahoo it> wrote:
Good morning everyone,

I'm a newbie in networking applications and I am trying to debug a strange problem that I have sending some data through the TCP protocol from a DSP-based system to a PC application.

The problem is that the application running on the PC disconnects after a few packets, and so I used Wireshark to debug the problem. It seems some packets get lost (I use a cross cable to connect the devices) and that the system isn't able to recover from such a problem. Furthermore, I found out that the Acknowledgement number generated by the DSP running the server application always equals 1.

Do you have any idea about some wrong setting that could generate such a behaviour?

Giovanni
Hi Giovanni,

10.31.11.31 always sends relative TCP ACK 1 because 10.31.11.219 never sends any application layer data. 10.31.11.31 is always waiting for 10.31.11.219 to send its first byte of application layer data, but that never happens. 10.31.11.31 is the system that sends all the data in your conversation (23,109 bytes).

The incorrect TCP checksum 0x2b52 could be added by the NIC as indicated by Wireshark's message ("TCP Checksum offload?") or it could be hardcoded by the app on 10.31.11.219. Where did you perform the capture?

Why do you think "the system isn't able to recover from such a problem"? I see the missing bytes of data are retransmitted such that 10.31.11.219 ACKs 49281 before 10.31.11.219 tears down the connection with a RST ACK.

Sincerely,
Richard

------------------------------

Message: 2
Date: Sat, 24 Oct 2009 15:21:48 -0500
From: dan meyer <dan () meyer-family net>
Subject: Re: [Wireshark-users] Ack number always equals 1
To: Community support list for Wireshark <wireshark-users () wireshark org>

Hello Giovanni,
From http://wiki.wireshark.org/TCP_Relative_Sequence_Numbers
'By default Wireshark and TShark will keep track of all TCP sessions and convert all Sequence Numbers (SEQ numbers) and Acknowledge Numbers (ACK Numbers) into relative numbers.'

Since you are using a crossover cable, it's very unlikely you have a network problem. That leaves OS, driver or application issues. If other apps don't have any network problems, your application is probably at fault here.

Good luck, and let us know what you find!

--
Dan Meyer

On Sat, Oct 24, 2009 at 11:02 AM, Giovanni Parodi <giovanniparodi79 () yahoo it> wrote:
Good morning everyone,

I'm a newbie in networking applications and I am trying to debug a strange problem that I have sending some data through the TCP protocol from a DSP-based system to a PC application.

The problem is that the application running on the PC disconnects after a few packets, and so I used Wireshark to debug the problem. It seems some packets get lost (I use a cross cable to connect the devices) and that the system isn't able to recover from such a problem. Furthermore, I found out that the Acknowledgement number generated by the DSP running the server application always equals 1.

Do you have any idea about some wrong setting that could generate such a behaviour?

Giovanni
------------------------------

End of Wireshark-users Digest, Vol 41, Issue 40
***********************************************

Hello everybody,

first thanks a lot everybody.

Dear Richard, you are right, 219 never sends app data; I misunderstood the way ack works.

For the checksum, it is fine; I think it's something related to my NIC, since any TCP message has this "bug", so I locally disabled the check in my Wireshark.

You are right, the missing packet is retransmitted by the 31 system and 219 acks it. I have to improve my knowledge of Wireshark (it was Sunday, please be patient :-D).

I will search for application level "bugs".

Thanks a lot for your help
Giovanni
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
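The behaviour explained in the thread (a host's relative ACK stays at 1 for as long as its peer sends no payload) can be reproduced with a short script. This is an added example, not code from the thread: the two addresses are the ones discussed above, while the ISNs, segment sizes and function names are constructed for illustration, and the capture is assumed to include the handshake.

```python
# Constructed sample of a one-way TCP transfer. The two addresses are the ones
# in the thread; the ISNs and segment sizes are invented for illustration.
SENDER, RECEIVER = "10.31.11.31", "10.31.11.219"
PACKETS = [  # (src, flags, absolute seq, absolute ack, payload bytes)
    (RECEIVER, "S",  7000,    0,   0),   # PC opens the connection
    (SENDER,   "SA", 9000, 7001,   0),   # SYN consumes one sequence number
    (RECEIVER, "A",  7001, 9001,   0),
    (SENDER,   "PA", 9001, 7001, 100),   # only this side ever sends payload
    (RECEIVER, "A",  7001, 9101,   0),
    (SENDER,   "PA", 9101, 7001, 200),
    (RECEIVER, "A",  7001, 9301,   0),
]


def relative_numbers(packets):
    """Return (src, rel_seq, rel_ack) rows, using each side's first seq as base.

    Assumes exactly two hosts and a capture that starts with the handshake.
    rel_ack is None when the ACK flag is not set.
    """
    base = {}   # host -> first sequence number seen from that host (its ISN)
    rows = []
    for src, flags, seq, ack, _payload in packets:
        base.setdefault(src, seq)
        peer = [b for host, b in base.items() if host != src]
        # Sequence space is 32 bits wide, so subtract modulo 2**32.
        rel_ack = (ack - peer[0]) % 2**32 if "A" in flags and peer else None
        rows.append((src, (seq - base[src]) % 2**32, rel_ack))
    return rows


def acks_sent_by(host, packets):
    """Set of relative ACK numbers that `host` put on the wire."""
    return {a for src, _s, a in relative_numbers(packets)
            if src == host and a is not None}


def payload_sent_by(host, packets):
    """Total application-layer bytes sent by `host`."""
    return sum(n for src, _f, _s, _a, n in packets if src == host)


if __name__ == "__main__":
    for host in (SENDER, RECEIVER):
        print(host, "payload:", payload_sent_by(host, PACKETS),
              "relative ACKs:", sorted(acks_sent_by(host, PACKETS)))
```

The relative ACK of 1 acknowledges only the peer's SYN; it advances past 1 only once the peer sends payload, or a FIN, which also consumes one sequence number.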
Current thread:
- Ack number always equals 1 Giovanni Parodi (Oct 24)
- Re: Ack number always equals 1 Richard Bejtlich (Oct 24)
- Re: Ack number always equals 1 dan meyer (Oct 24)
- <Possible follow-ups>
- Re: Ack number always equals 1 Giovanni Parodi (Oct 26)