On Thu, Jan 22, 2009 at 10:23:02AM -0800, Malaviya, Keyur wrote:
>
> We are concerned about the sequence number differences and want to confirm
> with you the reason for the difference.
>
> From Wireshark Wiki, I found "relative sequence number" settings and as
> per this Ethereal always starts with sequence number "0". But Wireshark
> starts with sequence number "1" and it has one number higher for every
> sequence number and ACK packets compared to ethereal. Why this difference?
> Does Wireshark require some settings or parameter to be set?

Have a look at bug 1542 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1542): the code that calculates sequence numbers has been corrected to behave in a more predictable way when comparing tracefiles.

Is it true that in your capture file, the SYN or the SYN/ACK are missing?

Could you compare output of ethereal and wireshark on a capture file that includes the whole TCP session (3way-handshake, data, FIN/FIN)? Any differences now? If so, please provide full version information on both ethereal and wireshark, the capture file and the relative sequence numbers that ethereal produces on the first 5 packets (SYN, SYN/ACK, ACK, data from client, ACK from server).

Cheers,

Sake

PS It's better to use the "wireshark-users" list for this type of question, as it does not involve development, as it is more of a usage question.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe