Quick addendum: I forgot to mention that upon reviewing the packets
with tcpdump, the window size is calculated correctly. I also tried
downloading the latest version of Ethereal from the site, but the window
size remains incorrect. Thanks.
Arne
On Wed, 2004-03-24 at 13:35, Arne Sagnes wrote:
> Hello everyone,
> first of all I'd like to thank everyone for a great and versatile
> product. Ethereal has without a doubt made my life a whole lot easier,
> and I've never had any complaints on it. :) Today, however, I noticed
> something extremely strange. I was sniffing traffic on one of our
> servers, and I came upon an odd discrepancy. In the section for
> "Transmission Control Protocol", I saw that the "Window size" was listed
> as "66608". This was out of the ordinary, so I decided to investigate.
> What I found was the the hex value representing "66608" was actually
> "8218". Now, the interesting thing is that in another conversation,
> that same hex value is translated to "33304", which I believe is the
> correct value.
> Due to the sensitive nature of the traffic, I'm afraid I can't include
> a sample of the traffic dump itself, but I can provide a screenshot of
> the window containing the packet, if anyone is interested. Has anyone
> seen this behavior before, or have an explanation that I'm missing?
> I've searched through the docs, man pages, FAQs and archives on
> ethereal.com; I also went Googling, but I was unable to come up with
> any clues. Any help would be greatly appreciated.
>
> Arne
--
Arne Sagnes - Email: asagnes@xxxxxxxxxxx
Work: +1 440 949 8225 - Cell: +1 216 577 2319
Be careful of reading health books, you might die of a misprint.
