Ask Your Question

Revision history [back]

Display filter showing different results on different versions

Hello,

I am trying to inspect traffic for duplicate TCP flows. When I implement the following filter, I get two different results between version 4.2.6 and version 3.4.9:

tcp.flags.syn == 1 and tcp.flags.ack==0 and tcp.analysis.out_of_order or tcp.analysis.reused_ports

on version 3.4.9, this filter displays 556 packets. on version 4.2.6, on the exact same capture, this filter displays 0 packets.

which version is correct? why is there such a huge discrepancy?

click to hide/show revision 2
None

updated 2024-07-17 08:07:28 +0000

grahamb gravatar image

Display filter showing different results on different versions

Hello,

I am trying to inspect traffic for duplicate TCP flows. When I implement the following filter, I get two different results between version 4.2.6 and version 3.4.9:

tcp.flags.syn == 1 and tcp.flags.ack==0 and tcp.analysis.out_of_order or tcp.analysis.reused_ports
tcp.analysis.reused_ports

on version 3.4.9, this filter displays 556 packets. on version 4.2.6, on the exact same capture, this filter displays 0 packets.

which version is correct? why is there such a huge discrepancy?