false TCP retransmission

Hello,

Sometimes during the initial TCP three-way handshake we receive a SYN/ACK with a wrong "acknowledge number". Because of that, the session is RST'ed and a new SYN, SYN/ACK, ACK is established:

port 9002 (not OK)
#7  SYN:     Sequence number: 3984327472, Acknowledge number: 0
#9  SYN/ACK: Sequence number: 2091354661, Acknowledge number: 438045413
#11 RST
#13 SYN:     Sequence number: 3109740195, Acknowledge number: 0
#15 SYN/ACK: Sequence number: 2689518568, Acknowledge number: 3109740196
#16 ACK:     Sequence number: 3109740196, Acknowledge number: 2689518569

Interestingly, all subsequent packets in such a TCP stream are erroneously considered by Wireshark as retransmissions.

If we tell Wireshark to ignore packets 7-9-11, then Wireshark is not fooled anymore and the remaining packets finally get decoded properly.

Is this a known Wireshark issue where its analysis does not start upon a new successful TCP establishment?

Thx, A.
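
The acknowledgment check that frame 9 of the capture fails, as an added example that is not part of the original post: the acknowledgment number in a SYN/ACK must equal the client's initial sequence number plus one (modulo 2^32), and a client in SYN-SENT answers anything else with RST (RFC 9293). The frame tuples are copied from the post; the function names are hypothetical.

```python
# Added example: replay the handshake frames quoted in the post and apply
# the acknowledgment-number checks of the TCP three-way handshake.
MOD = 2**32  # sequence numbers are 32-bit and wrap around

# (frame, flags, seq, ack) copied from the post; the post gives no numbers for the RST.
FRAMES = [
    (7,  "SYN",     3984327472, 0),
    (9,  "SYN/ACK", 2091354661, 438045413),
    (11, "RST",     None,       None),
    (13, "SYN",     3109740195, 0),
    (15, "SYN/ACK", 2689518568, 3109740196),
    (16, "ACK",     3109740196, 2689518569),
]

def classify_handshakes(frames):
    """Return one (syn_frame, verdict, deciding_frame) tuple per SYN attempt."""
    results = []
    syn = synack = None  # (frame, seq) of the pending SYN and SYN/ACK
    for frame, flags, seq, ack in frames:
        if flags == "SYN":
            syn, synack = (frame, seq), None
        elif flags == "SYN/ACK" and syn:
            expected = (syn[1] + 1) % MOD  # client ISN + 1
            if ack != expected:
                results.append((syn[0], "bad-synack-ack", frame))
                syn = None  # the client resets this attempt
            else:
                synack = (frame, seq)
        elif flags == "ACK" and syn and synack:
            ok = seq == (syn[1] + 1) % MOD and ack == (synack[1] + 1) % MOD
            results.append((syn[0], "established" if ok else "bad-final-ack", frame))
            syn = synack = None
        elif flags == "RST":
            syn = synack = None
    return results

def first_established_frame(frames):
    """Frame number of the SYN that opens the first valid handshake, or None."""
    for syn_frame, verdict, _ in classify_handshakes(frames):
        if verdict == "established":
            return syn_frame
    return None

if __name__ == "__main__":
    for row in classify_handshakes(FRAMES):
        print(row)
```

On the frames from the post this flags the attempt starting at frame 7 as rejected by frame 9 and reports frame 13 as the SYN of the connection that actually gets established.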
