Ask Your Question
0

Wireshark Version - Expert Info

asked 2024-02-23 19:23:24 +0000

Willsass gravatar image

updated 2024-02-23 19:29:15 +0000

Version 4.2.3 had a dif output from 4.1.1 on a capture I did on 4.0.1

I opened it in the 4.1.1 and it showed 83 'ACKED Seg not Captured' but when I opened it in 4.2.3....it all went away. Problem solved...yay...except I'm still seeing drops.

Is there any reported issues in 4.2.3 with a Discrepancy on 'ACKED SEG Not Captured'

Requires '60 points' to upload so....

edit retag flag offensive close merge delete

Comments

I've got a screen shot to upload...if I can figure out how to upload it here

Willsass gravatar imageWillsass ( 2024-02-23 19:24:13 +0000 )edit

Put it on a public file share and update the question with a link to it.

Chuckc gravatar imageChuckc ( 2024-02-23 20:53:37 +0000 )edit

And a pcap file instead of a screenshot helps us help you even (a lot!) better :-)

SYN-bit gravatar imageSYN-bit ( 2024-02-24 09:36:01 +0000 )edit

Thanks everyone...for 'privacy' issues, I wont be able to put the data online but if you check out Laura Chappel's Tshooting profiles - go to 'tr-badcapture.pcapng'

you can see a dif between the Versions.

in 4.07 there are 19 issues with 'ACKed Segment that wasn't captured (common at capture start) but you get to 4.23 and there are 7 issues with the same field.

Anomoli? Not sure but stuff like this.....can shake one's trust that what I'm looking at...is real.

https://s3.amazonaws.com/book.supplem...

My issue is much more severe....I had 180 in 4.07 but 3 in 4.2.3 W/out digging into each packet issue, that's a pretty big dif. Laura's capture is much smaller than mine so a lot fewer but there is a discrepancy nonetheless.

Willsass gravatar imageWillsass ( 2024-02-26 05:38:36 +0000 )edit
Willsass gravatar imageWillsass ( 2024-02-26 05:39:37 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2024-02-26 09:56:27 +0000

SYN-bit gravatar image

Thank you for providing a capture file that shows the issue. I can confirm that I see the same behavior. I did a quick check on the git log to see which commit could have been related and saw this one:

5d1bbae14f TCP: Enhance Unseen Ack detection

I guess this behavior in this specific case is either overlooked or changed on purpose. As this can be seen as a bug in case it was overlooked, the way to get this fixed is to open an Issue on our gitlab page. I do not have the time myself at the moment to test whether the commit above is indeed the culprit, but you could mention it in the bug report (please also link this question to it and post the link to the gitlab issue here as well).

edit flag offensive delete link more

Comments

Thank you for the input. So I can prob safely say I'm seeing the issue.....

Willsass gravatar imageWillsass ( 2024-02-26 17:29:10 +0000 )edit

Done...thank your for looking at this

https://gitlab.com/wireshark/wireshar...

Willsass gravatar imageWillsass ( 2024-02-26 17:45:39 +0000 )edit

Perfect, thanks!

SYN-bit gravatar imageSYN-bit ( 2024-02-26 19:38:36 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-02-23 19:23:24 +0000

Seen: 166 times

Last updated: Feb 26