Hi,
i was looking through automatically analysing tethereal full decode
output with a perl script following/matching sequence numbers. Now
ethereal trys to be smart and shows the relative sequence numbers. Now
it happens that i want to match an ICMP packet. The TCP header in the
ICMP packets payload now says "relative sequence number" although its
the absolute one.
I would also suggest to always print the absolute sequence number and
the relative only as an addon/hint. ( I know i can turn of the smartness of
ethereal )
Example:
Frame 6 (590 bytes on wire, 590 bytes captured)
Arrival Time: May 15, 2005 14:14:19.779882000
Time delta from previous packet: 0.000069000 seconds
Time since reference or first frame: 0.246602000 seconds
Frame Number: 6
Packet Length: 590 bytes
Capture Length: 590 bytes
Protocols in frame: eth:ip:icmp:ip:tcp:http:data-text-lines
Ethernet II, Src: 00:0c:f1:f3:7f:11, Dst: 00:90:ab:81:9c:00
Destination: 00:90:ab:81:9c:00 (Cisco_81:9c:00)
Source: 00:0c:f1:f3:7f:11 (Intel_f3:7f:11)
Type: IP (0x0800)
Internet Protocol, Src Addr: 195.71.99.205 (195.71.99.205), Dst Addr: 129.42.21.99 (129.42.21.99)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 576
Identification: 0xe89d (59549)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: ICMP (0x01)
Header checksum: 0x12bd (correct)
Source: 195.71.99.205 (195.71.99.205)
Destination: 129.42.21.99 (129.42.21.99)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 4 (Fragmentation needed)
Checksum: 0x9ba3 (correct)
MTU of next hop: 576
Internet Protocol, Src Addr: 129.42.21.99 (129.42.21.99), Dst Addr: 195.71.99.205 (195.71.99.205)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1388
Identification: 0xd806 (55302)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 42
Protocol: TCP (0x06)
Header checksum: 0xf5e3 (correct)
Source: 129.42.21.99 (129.42.21.99)
Destination: 195.71.99.205 (195.71.99.205)
Transmission Control Protocol, Src Port: www (80), Dst Port: 56279 (56279), Seq: 774370409, Ack: 2293655771
Source port: www (80)
Destination port: 56279 (56279)
Sequence number: 774370409 (relative sequence number)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Acknowledgement number: 2293655771 (relative ack number)
Header length: 32 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65464
Checksum: 0xeaf2 (incorrect, should be 0xcc21)
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1122636011, tsecr 3361957875
Flo
--
Florian Lohoff flo@xxxxxxxxxx +49-171-2280134
Heisenberg may have been here.
Attachment:
signature.asc
Description: Digital signature
