Wireshark mailing list archives

Re: Ack number always equals 1

From: Giovanni Parodi <giovanniparodi79 () yahoo it>
Date: Mon, 26 Oct 2009 01:10:18 -0700 (PDT)






________________________________
Da: "wireshark-users-request () wireshark org" <wireshark-users-request () wireshark org>
A: wireshark-users () wireshark org
Inviato: Dom 25 ottobre 2009, 20:00:03
Oggetto: Wireshark-users Digest, Vol 41, Issue 40

Send Wireshark-users mailing list submissions to
    wireshark-users () wireshark org

To subscribe or unsubscribe via the World Wide Web, visit
    https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
    wireshark-users-request () wireshark org

You can reach the person managing the list at
    wireshark-users-owner () wireshark org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

   1. Re: Ack number always equals 1 (Richard Bejtlich)
   2. Re: Ack number always equals 1 (dan meyer)


----------------------------------------------------------------------

Message: 1
Date: Sat, 24 Oct 2009 15:42:15 -0400
From: Richard Bejtlich <taosecurity () gmail com>
Subject: Re: [Wireshark-users] Ack number always equals 1
To: Community support list for Wireshark
    <wireshark-users () wireshark org>
Message-ID:
    <120ef0530910241242w62896df1rc5e1563775213e98 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

On Sat, Oct 24, 2009 at 12:02 PM, Giovanni Parodi
<giovanniparodi79 () yahoo it> wrote:


Good morning everyone,
I'm a newbye in networking application and I trying to debug a strange
problem that I have sending through TCP protocol some data from a DSP based
system to a PC application
The problem is that that the application running on PC disconnects after few
packets, and so I used wireshark to debug the problem.
It seems some packet get lost (I use a cross cable to connect the devices)
and that the system isn't able to recover from such a problem.
Furthermore I found out that Acknowledgement number generated by the DSP
runnign the server appl always equals 1.
Do you have any idea about some wrong setting that could generate such a
behaviour?
Giovanni


Hi Giovanni,

10.31.11.31 always sends relative TCP ACK 1 because 10.31.11.219 never
sends any application layer data.  10.31.11.31 is always waiting for
10.31.11.219 to send its first byte of application layer data, but
that never happens.  10.31.11.31 is the system that sends all the data
in your conversation (23,109 bytes).

The incorrect TCP checksum 0x2b52 could be added by the NIC as
indicated by Wireshark's message (TCP Checksum offload?" or it could
be hardcoded by the app on 10.31.11.219.  Where did you perform the
capture?

Why do you think "the system isn't able to recover from such a
problem"?  I see the missing bytes of data are retransmitted such that
10.31.11.219 ACKs 49281 before 10.31.11.219 tears down the connection
with a RST ACK.

Sincerely,

Richard


------------------------------

Message: 2
Date: Sat, 24 Oct 2009 15:21:48 -0500
From: dan meyer <dan () meyer-family net>
Subject: Re: [Wireshark-users] Ack number always equals 1
To: Community support list for Wireshark
    <wireshark-users () wireshark org>
Message-ID:
    <2cf95dc10910241321o68aa7b7cxd8a476fe9b0ed53f () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hello Giovanni

From http://wiki.wireshark.org/TCP_Relative_Sequence_Numbers


'By default Wireshark and TShark will keep track of all TCP sessions and
convert all Sequence Numbers (SEQ numbers) and Acknowledge Numbers (ACK
Numbers) into relative numbers. '

Since you are using a crossover cable, it's very unlikely you have a network
problem. That leaves OS, driver or application issues. If other apps don't
have any network problems, your application is probably at fault here

Good luck, and let us know what you find!

-- Dan Meyer

On Sat, Oct 24, 2009 at 11:02 AM, Giovanni Parodi <giovanniparodi79 () yahoo it

wrote:


Good morning everyone,
I'm a newbye in networking application and I trying to debug a strange
problem that I have sending through TCP protocol some data from a DSP based
system to a PC application
The problem is that that the application running on PC disconnects after
few packets, and so I used wireshark to debug the problem.
It seems some packet get lost (I use a cross cable to connect the devices)
and that the system isn't able to recover from such a problem.
Furthermore I found out that Acknowledgement number generated by the DSP
runnign the server appl always equals 1.
Do you have any idea about some wrong setting that could generate such a
behaviour?
Giovanni


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091024/1311d313/attachment.htm 

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users () wireshark org
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 41, Issue 40
***********************************************



Hello    everybody,
first thanks a lot everybody.
Dear Richard you are right 219 never sends app data, I misunderstood the way ack works.
For the checksum it is fine I thinks it's something related to my NIC since any TCP message has this "bug", so I 
locally disabled the check on my Wireshark.
You are right the missing packet is retransmit by the 31 system and 219 acks it, I have to improve my knowlege of 
Wireshark (it was Sunday, please be patient :-D).
I will search for application level "bugs".
Thanks a lot for your help
Giovanni


__________________________________________________
Do You Yahoo!?
Poco spazio e tanto spam? Yahoo! Mail ti protegge dallo spam e ti da tanto spazio gratuito per i tuoi file e i messaggi 
http://mail.yahoo.it

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Ack number always equals 1 Giovanni Parodi (Oct 24)
- Re: Ack number always equals 1 Richard Bejtlich (Oct 24)
- Re: Ack number always equals 1 dan meyer (Oct 24)
- <Possible follow-ups>
- Re: Ack number always equals 1 Giovanni Parodi (Oct 26)