Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2019-07-07 08:29:38 +0000

SYN-bit gravatar image

Hi @Harvey

I looked at your capture file and it seems pretty weird:

  • There is data in the SYN in frame 15
  • I miss the SYN/ACK to the SYN in frame 15
  • There are gaps in the data
  • The sequence numbers don't follow a normal pattern

So either the way the trace was captured messed things up by not capturing all the packets and/or mangling them. Or the TCP stack of the board at hand is very buggy. In either case, since the sequence numbering is way off, the Wireshark TCP dissector can not make sense out of the data to hand over the payload to your sub-dissector properly.

If the problem is persisting, could you make better capture files (one near each of the endpoints would be ideal) and tell us a little more about this setup (what kind of systems are involved, network layout, etc.)?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2