Wireshark mailing list archives
Problem with "bytes in flight"
From: "Stefaan Pouseele" <stefaan.pouseele () skynet be>
Date: Sat, 19 Jun 2010 12:30:38 +0200
Hi, when examining the field "tcp.analysis.bytes_in_flight" in Wireshark Version 1.2.9 (SVN Rev 33171) it seems Wireshark doesn't always calculate the correct value. As an example the following two consecutive frames: Frame 91 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: NokiaInt_a5:60:b0 (00:a0:8e:a5:60:b0), Dst: Cisco_bd:9b:8a (00:25:45:bd:9b:8a) Internet Protocol, Src: 193.75.143.194 (193.75.143.194), Dst: 85.91.172.251 (85.91.172.251) Transmission Control Protocol, Src Port: 22862 (22862), Dst Port: exapt-lmgr (3759), Seq: 1, Ack: 18981, Len: 0 Source port: 22862 (22862) Destination port: exapt-lmgr (3759) [Stream index: 3] Sequence number: 1 (relative sequence number) Acknowledgement number: 18981 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) Window size: 64240 Checksum: 0x2ac9 [validation disabled] Frame 92 (1514 bytes on wire, 1514 bytes captured) Ethernet II, Src: Cisco_bd:9b:8a (00:25:45:bd:9b:8a), Dst: NokiaInt_a5:60:b0 (00:a0:8e:a5:60:b0) Internet Protocol, Src: 85.91.172.251 (85.91.172.251), Dst: 193.75.143.194 (193.75.143.194) Transmission Control Protocol, Src Port: exapt-lmgr (3759), Dst Port: 22862 (22862), Seq: 21901, Ack: 1, Len: 1460 Source port: exapt-lmgr (3759) Destination port: 22862 (22862) [Stream index: 3] Sequence number: 21901 (relative sequence number) [Next sequence number: 23361 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) Window size: 64240 Checksum: 0x2a1e [validation disabled] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 91] [The RTT to ACK the segment was: 0.000121000 seconds] [Number of bytes in flight: 7300] Data (1460 bytes) To my knowledge the correct value for "Number of bytes in flight" should be 23361 - 18981 = 4380 in this case. That is "Next sequence number" from Frame 92 minus "Acknowledgement number" from frame 91. Is this an known issue or are I'm missing something? Best Regards, Stefaan ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Problem with "bytes in flight" Stefaan Pouseele (Jun 19)