Ethereal-users: [Ethereal-users] TCP Sequence Analysis Confusion

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Scott Fringer <fringsm@xxxxxxxxxxxxxxxxx>
Date: Tue, 10 Sep 2002 14:00:11 -0400 (EDT)
Hello,
  I've got a capture I'm analyzing that, when I have TCP Seq. Analysis
enabled tells me that the [TCP Previous segment lost]; but I'm not able to
determine why it feels the previous segment was lost.
  I'm checking sequence numbers, and they follow as expected:

simple SYN -> SYN,ACK -> ACK Seq. numbers:

SYN     - Seq: 3415528532 Ack: 0

SYN,ACK - Seq: 2570504029 Ack: 3415528533

ACK     - Seq: 3415528533 Ack: 2570504030 (<- noted as TCP Prv. seg. lost)

  I'm not following where the determination that the previous segment was
lost occurs.  I'm also seeing packets flagged as TCP Retransmission.

  I'd be happy to send a section of the capture that generates this to
whomever on the development team would be interested.

  The capture itself was generated on a Cisco NAM; and simply opened in
Ethereal 0.9.6 (no conversion applied).  Reading the same capture within
Shomiti Surveyor 3.2 I'm not seeing the same analysis of the packets.

Scott

Scott Fringer                              Shands Healthcare @ U.F.
Network Systems Analyst                        Gainesville, FL