Wireshark mailing list archives
Re: Filtering sequence numbers between concurrent incoming TCP transmissions
From: Jeff Bruns <jeff.bruns () gmail com>
Date: Mon, 3 May 2010 11:40:06 -0400
Richard- Thank you, you answered my question. I had entirely overlooked the TCP sender's port number, having not occurred at the time that the port number will differ from message to message. Brain hiccup. And as expected, the TCP port number of the first message is 54823, the second message 54824. Thanks for the help. Jeff Bruns On Mon, May 3, 2010 at 7:50 AM, Richard Bejtlich <taosecurity () gmail com>wrote:
On Sun, May 2, 2010 at 9:21 PM, Jeff Bruns <jeff.bruns () gmail com> wrote:Greetings- I've been using Wireshark to analyze network traffic that's being parsedbya network sniffing perl application. My recent problem is that I've discovered 2 incoming messages, occuring within nanoseconds of eachother. Isuspect that my network sniffer is trying to reassemble some or all ofthepackets of both messages into a single message. Obviously the packetsfromboth of these transmissions adhere to one of two sequence number schemes, depending on which message they belong to.Hello, Do you mean to say you have two TCP segments, such that Msg 1: Src IP A Src Port B -> Dst IP C Dst Port D and Msg 2: Src IP A Src Port B -> Dst IP C Dst Port D ? In other words, you expect your application to differentiate between segments based on sequence number alone? Sincerely, Richard
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Filtering sequence numbers between concurrent incoming TCP transmissions Jeff Bruns (May 02)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Richard Bejtlich (May 03)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Jeff Bruns (May 03)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Richard Bejtlich (May 03)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Jeff Bruns (May 03)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Richard Bejtlich (May 03)