Wireshark mailing list archives
Re: Filtering sequence numbers between concurrent incoming TCP transmissions
From: Richard Bejtlich <taosecurity () gmail com>
Date: Mon, 3 May 2010 07:50:06 -0400
On Sun, May 2, 2010 at 9:21 PM, Jeff Bruns <jeff.bruns () gmail com> wrote:
Greetings- I've been using Wireshark to analyze network traffic that's being parsed by a network sniffing perl application. My recent problem is that I've discovered 2 incoming messages, occuring within nanoseconds of each other. I suspect that my network sniffer is trying to reassemble some or all of the packets of both messages into a single message. Obviously the packets from both of these transmissions adhere to one of two sequence number schemes, depending on which message they belong to.
Hello, Do you mean to say you have two TCP segments, such that Msg 1: Src IP A Src Port B -> Dst IP C Dst Port D and Msg 2: Src IP A Src Port B -> Dst IP C Dst Port D ? In other words, you expect your application to differentiate between segments based on sequence number alone? Sincerely, Richard ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Filtering sequence numbers between concurrent incoming TCP transmissions Jeff Bruns (May 02)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Richard Bejtlich (May 03)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Jeff Bruns (May 03)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Richard Bejtlich (May 03)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Jeff Bruns (May 03)
- Re: Filtering sequence numbers between concurrent incoming TCP transmissions Richard Bejtlich (May 03)