 | 1 | initial version |
Are you using the sameDefault profile in Wireshark?
Make a custom profile and uncheck Analyze TCP sequence numbers in the TCP Preferences.
Then specify that profile on the tshark command line with the -C option.
Downloads$ tshark -r ./333b.pcapng -C Ask_Diameter
1 0.000000 10.9.9.9 → 10.10.10.10 TCP 2868 3868 → 33422 [ACK] Seq=2217234530 Ack=773019158 Win=32586 Len=2800 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled PDU]
2 0.000034 10.9.9.9 → 10.10.10.10 TCP 2868 3868 → 33422 [ACK] Seq=2217238730 Ack=773019158 Win=32586 Len=2800 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled PDU]
3 0.000044 10.9.9.9 → 10.10.10.10 TCP 892 3868 → 33422 [PSH, ACK] Seq=2217241530 Ack=773019158 Win=32586 Len=824 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled PDU]
4 0.000028 10.9.9.9 → 10.10.10.10 DIAMETER/XML 1468 cmd=User-Data Answer(306) flags=-P-- appl=3GPP Sh(16777217) h2h=13b8ff6 e2e=3831ef6 |
Downloads$ tshark -r ./333b.pcapng
1 0.000000 3868 10.9.9.9 33422 10.10.10.10 TCP 2868 10.9.9.9,10.10.10.10 3868 → 33422 [ACK] Seq=1 Ack=1 Win=32586 Len=2800 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled PDU]
2 0.000034 3868 10.9.9.9 33422 10.10.10.10 TCP 2868 10.9.9.9,10.10.10.10 [TCP Previous segment not captured] 3868 → 33422 [ACK] Seq=4201 Ack=1 Win=32586 Len=2800 TSval=665039809 TSecr=24375476
68 [TCP segment of a reassembled PDU]
3 0.000044 3868 10.9.9.9 33422 10.10.10.10 TCP 892 10.9.9.9,10.10.10.10 3868 → 33422 [PSH, ACK] Seq=7001 Ack=1 Win=32586 Len=824 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled
PDU]
4 0.000028 3868 10.9.9.9 33422 10.10.10.10 TCP 1468 10.9.9.9,10.10.10.10 [TCP Retransmission] 3868 → 33422 [ACK] Seq=2801 Ack=1 Win=32586 Len=1400 TSval=665039809 TSecr=2437547668
Downloads$ tshark -v | head -1
TShark (Wireshark) 4.0.1 (v4.0.1-0-ge9f3970b1527).
| | 2 | No.2 Revision |
Are you using the sameDefault profile in Wireshark?
Make a custom profile and uncheck Analyze TCP sequence numbers in the TCP Preferences.
Then specify that profile on the tshark command line with the -C option.
Downloads$ tshark -r ./333b.pcapng -C Ask_Diameter
1 0.000000 10.9.9.9 → 10.10.10.10 TCP 2868 3868 → 33422 [ACK] Seq=2217234530 Ack=773019158 Win=32586 Len=2800 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled PDU]
2 0.000034 10.9.9.9 → 10.10.10.10 TCP 2868 3868 → 33422 [ACK] Seq=2217238730 Ack=773019158 Win=32586 Len=2800 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled PDU]
3 0.000044 10.9.9.9 → 10.10.10.10 TCP 892 3868 → 33422 [PSH, ACK] Seq=2217241530 Ack=773019158 Win=32586 Len=824 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled PDU]
4 0.000028 10.9.9.9 → 10.10.10.10 DIAMETER/XML 1468 cmd=User-Data Answer(306) flags=-P-- appl=3GPP Sh(16777217) h2h=13b8ff6 e2e=3831ef6 |
Downloads$ tshark -r ./333b.pcapng
1 0.000000 3868 10.9.9.9 33422 10.10.10.10 TCP 2868 10.9.9.9,10.10.10.10 3868 → 33422 [ACK] Seq=1 Ack=1 Win=32586 Len=2800 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled PDU]
2 0.000034 3868 10.9.9.9 33422 10.10.10.10 TCP 2868 10.9.9.9,10.10.10.10 [TCP Previous segment not captured] 3868 → 33422 [ACK] Seq=4201 Ack=1 Win=32586 Len=2800 TSval=665039809 TSecr=24375476
68 TSecr=2437547668 [TCP segment of a reassembled PDU]
3 0.000044 3868 10.9.9.9 33422 10.10.10.10 TCP 892 10.9.9.9,10.10.10.10 3868 → 33422 [PSH, ACK] Seq=7001 Ack=1 Win=32586 Len=824 TSval=665039809 TSecr=2437547668 [TCP segment of a reassembled
reassembled PDU]
4 0.000028 3868 10.9.9.9 33422 10.10.10.10 TCP 1468 10.9.9.9,10.10.10.10 [TCP Retransmission] 3868 → 33422 [ACK] Seq=2801 Ack=1 Win=32586 Len=1400 TSval=665039809 TSecr=2437547668
Downloads$ tshark -v | head -1
TShark (Wireshark) 4.0.1 (v4.0.1-0-ge9f3970b1527).