Hello, everyone!
It is my pleasure to write here for you.
I've got a problem with Wireshark: how does the software confirm whether a
TCP packet is out-of-order or not?
I captured a pcap file named 'example.pcap'. In this file, No.507, No.508 and No.509
confuse me:
(because the pcap file is too large, more than 7MB, I had to export
the right packets as plain text named No507-No509.txt)
507 IP_ID:15689 TCP_SEQ:727452
508 IP_ID:15690 TCP_SEQ:669373------out of order
509 IP_ID:15691 TCP_SEQ:670825------TCP retransmission
Packet No.508 has an IP header ID of 15690, which is bigger than that of No.507. This
means the server sent packet No.508 after packet No.507, and Wireshark
captured them the same way. So, as far as I know, No.508 may be a retransmission
instead of an out-of-order packet. However, Wireshark tags No.508 with an out-of-order
flag, which confuses me. Is there any rule I don't get? I found nothing on
the Internet about this question. Could you please help me?
Thanks a lot!
PS: Wireshark version 1.12.0 (v1.12.0-0-g4fab41a from master-1.12)
Best regards,
Ring Lee
No507-No509.txt
Description: Binary data
