Ask Your Question
0

nextseq and nextseqtime

asked 2024-07-05 08:51:15 +0000

7ACE gravatar image

updated 2024-07-05 09:18:59 +0000

Hi experts,

What is nextseq and nextseqtime? Is the nextseqtime an estimated value or a real value?

No.1 SeqNum 1      NextSeq 1449    Ack 100 
No.2 SeqNum 1449   NextSeq 2897    Ack 100

1. Is nextseq 2897?
2. Is nextseqtime the timestamp of packet No.2? or?


No.1 SeqNum 1      NextSeq 1449    Ack 100 
No.2 SeqNum 2897   NextSeq 3000    Ack 100

3. Is nextseq 3000?
4. Is nextseqtime the timestamp of packet No.2? or?

The relevant code:

 typedef struct tcp_analyze_seq_flow_info_t {
    guint32 nextseq;         /* highest seen nextseq */
    nstime_t nextseqtime;    /* Time of the nextseq packet so we can
                              * distinguish between retransmission,
                              * fast retransmissions and outoforder
                              */
 }

Regards, 7ACE

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2024-07-05 11:43:45 +0000

SYN-bit gravatar image

From a quick run through the source code, I think this is the relevant part:

/* Store the highest number seen so far for nextseq so we can detect
 * when we receive segments that arrive with a "hole"
 * If we don't have anything since before, just store what we got.
 * ZeroWindowProbes are special and don't really advance the nextseq
 */
if(GT_SEQ(nextseq, tcpd->fwd->tcp_analyze_seq_info->nextseq) || !tcpd->fwd->tcp_analyze_seq_info->nextseq) {
    if( !tcpd->ta || !(tcpd->ta->flags&TCP_A_ZERO_WINDOW_PROBE) ) {
        tcpd->fwd->tcp_analyze_seq_info->nextseq=nextseq;
        tcpd->fwd->tcp_analyze_seq_info->nextseqframe=pinfo->num;
        tcpd->fwd->tcp_analyze_seq_info->nextseqtime.secs=pinfo->abs_ts.secs;
        tcpd->fwd->tcp_analyze_seq_info->nextseqtime.nsecs=pinfo->abs_ts.nsecs;
    }           
}

Which means, the highest seen value for next sequence number is kept in combination of the timestamp of the currently analyzed packet in order to help analyze the next packets in regards to retransmissions, out-of-order etc.

edit flag offensive delete link more

Comments

So does nextseq refer to the NextSeqNum of the current packet, while tcpd->fwd->tcp_analyze_seq_info->nextseq refers to the NextSeqNum of the previous packet?

7ACE gravatar image7ACE ( 2024-07-05 13:25:59 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-07-05 08:51:15 +0000

Seen: 49 times

Last updated: Jul 05