 | 1 | initial version |
What I got was: Duplicate TCP handshake on incremented ports
This is normal behavior of web browsers, they open multiple TCP connections at the same time to be able to request HTTP objects in parallel, even when not explicitly needed (in case the HTML file does not include any other elements)
Malformed packet
This is the first time I see this myself, but the expert info hints that this can be caused by TSO enabled NICs, so I looked at the IPv6 protocol preferences to see if there is a preference to ignore this. And there is. You can enable the option "Support packet-capture from IPv^ TSO-enabled hardware" in order for Wireshark to ignore this protocol error (there should never be a payload length field with value 0 if there is indeed IPv6 payload). With this setting on the TCP dissector will be called and all packet data will be dissected by Wireshark
TCP ACKed unseen segment
As the malformed packet does not get processed by the TCP dissector, it did not see the TCP data in it and therefor this ACK is ACKing data that has not been seen, hence the warning With the above option enabled, this warning goes away.
Dup ACK
This packet is really in the trace, not sure why without deep analysis. And even then, sometimes TCP stacks behave weird, so there might not be a logical explanation.
Previous segment not captured.
As the malformed packet does not get processed by the TCP dissector, it did not see the TCP data in it and therefor this segment follows that that was not seen by wireshark, triggering this warning. With the above option enabled, this warning goes away.
