Got a pcap file where a telnet client was talking to a strange TCP server. Packet 7 is an ack packet but its ACK number is not displayed correctly by Wireshark. Granted that the strange server itself has some problems. The Wireshark is 1.10.6, but I tried Wireshark 2.0 and it has the same issue. Can some confirm? asked 24 May '16, 12:27 pktUser1001 |
2 Answers:
Wireshark was using relative seq number for the previous packets, this confused me why Wireshark switched to absolutely seq number display. Turned out the TCP header length for packet 7 was set to be 24 even though there are only 20 bytes available (according to IP total length). After fixing this issue on the crazy server, it's ok now. answered 24 May '16, 14:09 pktUser1001 |
Looks good to me - the packet is having some issues with the various length values, but the ACK number is fine. Unless you use relative sequence numbers - because then it seems that Wireshark doesn't calculate the relative number and uses absolute values instead. I'm not sure why though. answered 24 May '16, 13:24 Jasper ♦♦ |
Thanks for the comment, wireshark was using relative seq no.