Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question Regarding Suspected TCP Expert Problem

From: "Sake Blok" <sake () euronet nl>
Date: Thu, 7 Jan 2010 17:09:40 +0100
Sean,

I have not encountered this before, but the behavior should be consistent between loading files and turning things off 
and on again (why does "The IT crowd" pop up in my head now ;-)).

Would it be possible for you to share the file so I could have a look? You can open a bug at bugs.wireshark.org and 
attach the file or send it directly to me if you don't want it on a public website.

Cheers,


Sake

  ----- Original Message ----- 
  From: Fischer, Sean 
  To: wireshark-users () wireshark org 
  Sent: Wednesday, January 06, 2010 6:40 PM
  Subject: [Wireshark-users] Question Regarding Suspected TCP Expert Problem


  I have a number of captures within which the Wireshark expert indicates hundreds of TCP Previous Segment Lost and TCP 
ACKed Lost Segment warnings.  This is reflected both within the decode window on the packet Info as well as in the 
Expert Info dialog boxes.  A cursory review of the TCP data seems to confirm that the sequence numbers are correct.

   

  I have found that going into preferences and toggling (both on-to-off and off-to-on) Relative Sequence Number and 
Window Scaling removes the expert info warnings.  Reopening the file recreates the warnings until toggling again.

   

  I also found that saving an affected TCP stream out of the capture into its own cap file will cause Wireshark not to 
issue the warnings.

   

  The capture does include the initial three way handshake of the TCP stream in question.  I have no reason to think 
any packets are not being captured, and the capture is being taken on a dedicated sniffer box with dedicated sniffing 
NICs on a mirrored switchport.  The complete capture is around 8MB.  I am using Wireshark 1.2.5 (SVN Rev 31296).

   

  Are there any bugs related to this?  Any other helpful suggestions?

   

  Thanks,

   

  Sean

   



------------------------------------------------------------------------------


  ___________________________________________________________________________
  Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
  Archives:    http://www.wireshark.org/lists/wireshark-users
  Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
               mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: