Hello, I have this problem while tracing this pcap file. I am trying to understand the relation between ack, seq and len. I thought I understood it, but check packet 7; I don't understand. Can anyone explain to me please what is happening here? I thought that ack = seq no. + len, but in line 7 what I understood doesn't apply!
asked 26 May '15, 15:28 yas1234
One Answer:
You have captured locally, which means that you see outgoing packets that are much larger than they actually were. This is caused by the network card performing segment offloading. The ACK you see is for a much smaller packet (which is correct). The big packet in line 5 isn't what was really sent. If you try to track sequence and ack numbers, do NOT use captures you've taken locally. Use a third PC to record what the other two are sending. Also see https://blog.packet-foo.com/2014/05/the-drawbacks-of-local-packet-captures/
answered 26 May '15, 21:39 Jasper ♦♦
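The effect described in the answer above, as an added example that is not part of the original post: it splits one oversized locally captured packet into the segments the network card would send, then checks which on-wire segment a given ACK number acknowledges. The MSS of 1460, the sequence, length and ACK values, and the function names `wire_segments` and `classify_ack` are assumptions constructed for illustration, not values from the poster's capture.

```python
MOD = 2 ** 32   # TCP sequence numbers are 32-bit and wrap around
MSS = 1460      # assumed on-wire segment size (typical for Ethernet)

def wire_segments(seq, length, mss=MSS):
    """Split one captured, pre-offload packet into the segments the NIC sends."""
    segs, offset = [], 0
    while offset < length:
        chunk = min(mss, length - offset)
        segs.append(((seq + offset) % MOD, chunk))
        offset += chunk
    return segs

def classify_ack(seq, length, ack, mss=MSS):
    """Relate an incoming ACK number to a captured outgoing packet."""
    acked = (ack - seq) % MOD           # bytes acknowledged, counted from seq
    if acked == 0 or acked > length:
        return "unrelated"
    if acked == length:
        return "acks whole packet"      # the ack = seq + len case
    ends, total = [], 0
    for _, chunk in wire_segments(seq, length, mss):
        total += chunk
        ends.append(total)
    if acked in ends:
        return f"acks wire segment {ends.index(acked) + 1} of {len(ends)}"
    return "partial, not on a segment boundary"

if __name__ == "__main__":
    # Constructed sample: one oversized outgoing packet as a local capture shows it
    seq, length = 1, 4380
    for s, l in wire_segments(seq, length):
        print(f"on the wire: seq={s} len={l} -> expected ack={(s + l) % MOD}")
    for ack in (1461, 2921, 4381):      # constructed ACK numbers from the peer
        print(f"ack={ack}: {classify_ack(seq, length, ack)}")
```

An ACK that lands on a segment boundary inside the large packet is consistent with offloading; a capture taken off the sending host shows the individual segments directly.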