Wireshark Version - Expert Info

asked 2024-02-23 19:23:24 +0000

Willsass
1 ●1

updated 2024-02-23 19:29:15 +0000

Version 4.2.3 had a dif output from 4.1.1 on a capture I did on 4.0.1

I opened it in the 4.1.1 and it showed 83 'ACKED Seg not Captured' but when I opened it in 4.2.3....it all went away. Problem solved...yay...except I'm still seeing drops.

Is there any reported issues in 4.2.3 with a Discrepancy on 'ACKED SEG Not Captured'

Requires '60 points' to upload so....

edit retag flag offensive close merge delete

Comments

I've got a screen shot to upload...if I can figure out how to upload it here

Willsass ( 2024-02-23 19:24:13 +0000 )edit

Put it on a public file share and update the question with a link to it.

Chuckc ( 2024-02-23 20:53:37 +0000 )edit

And a pcap file instead of a screenshot helps us help you even (a lot!) better :-)

SYN-bit ( 2024-02-24 09:36:01 +0000 )edit

Thanks everyone...for 'privacy' issues, I wont be able to put the data online but if you check out Laura Chappel's Tshooting profiles - go to 'tr-badcapture.pcapng'

you can see a dif between the Versions.

in 4.07 there are 19 issues with 'ACKed Segment that wasn't captured (common at capture start) but you get to 4.23 and there are 7 issues with the same field.

Anomoli? Not sure but stuff like this.....can shake one's trust that what I'm looking at...is real.

https://s3.amazonaws.com/book.supplem...

My issue is much more severe....I had 180 in 4.07 but 3 in 4.2.3 W/out digging into each packet issue, that's a pretty big dif. Laura's capture is much smaller than mine so a lot fewer but there is a discrepancy nonetheless.

Willsass ( 2024-02-26 05:38:36 +0000 )edit

Link to page

https://s3.amazonaws.com/book.supplem...

Willsass ( 2024-02-26 05:39:37 +0000 )edit

add a comment

answered 2024-02-26 09:56:27 +0000

SYN-bit

18528 ●9 ●339 ●255 https://SYN-b.it

Thank you for providing a capture file that shows the issue. I can confirm that I see the same behavior. I did a quick check on the git log to see which commit could have been related and saw this one:

5d1bbae14f TCP: Enhance Unseen Ack detection

I guess this behavior in this specific case is either overlooked or changed on purpose. As this can be seen as a bug in case it was overlooked, the way to get this fixed is to open an Issue on our gitlab page. I do not have the time myself at the moment to test whether the commit above is indeed the culprit, but you could mention it in the bug report (please also link this question to it and post the link to the gitlab issue here as well).

edit flag offensive delete link

Comments

Thank you for the input. So I can prob safely say I'm seeing the issue.....

Willsass ( 2024-02-26 17:29:10 +0000 )edit

Done...thank your for looking at this

https://gitlab.com/wireshark/wireshar...

Willsass ( 2024-02-26 17:45:39 +0000 )edit

Perfect, thanks!

SYN-bit ( 2024-02-26 19:38:36 +0000 )edit

add a comment

Wireshark Version - Expert Info

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Wireshark Version - Expert Info edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Wireshark Version - Expert Info