frame 2 : client send syn to server frame 3: server reply with PSH,ACK frame 4: client send RST to server frame 16: client send SYN(same as fram 1) to server frame 18: server reply SYN,ACK to client, now wireshark can't parse server sequence correctly. I think it may be caused by frame3.
Frame 2: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) Ethernet II, Src: EquipTra_00:00:05 (00:01:00:00:00:05), Dst: EquipTra_00:00:04 (00:01:00:00:00:04) Internet Protocol Version 4, Src: 223.71.63.228, Dst: 103.20.114.2 Transmission Control Protocol, Src Port: 18000, Dst Port: 18000, Seq: 0, Len: 0 Source Port: 18000 Destination Port: 18000 [Stream index: 0] [TCP Segment Len: 0] Sequence number: 0 (relative sequence number) [Next sequence number: 0 (relative sequence number)] Acknowledgment number: 0 1001 .... = Header Length: 36 bytes (9) Flags: 0x002 (SYN) Window size value: 63463 [Calculated window size: 63463] Checksum: 0x0000 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (16 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted, Experimental [Timestamps]
Frame 3: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: EquipTra_00:00:04 (00:01:00:00:00:04), Dst: EquipTra_00:00:05 (00:01:00:00:00:05) Internet Protocol Version 4, Src: 103.20.114.2, Dst: 223.71.63.228 Transmission Control Protocol, Src Port: 18000, Dst Port: 18000, Seq: 1, Ack: 46860495, Len: 0 Source Port: 18000 Destination Port: 18000 [Stream index: 0] [TCP Segment Len: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 1 (relative sequence number)] Acknowledgment number: 46860495 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) Window size value: 46722 [Calculated window size: 95686656] [Window size scaling factor: 2048] Checksum: 0x3a06 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.005699000 seconds] [TCP Analysis Flags] [Expert Info (Warning/Sequence): ACKed segment that wasn't captured (common at capture start)] [ACKed segment that wasn't captured (common at capture start)] [Severity level: Warning] [Group: Sequence] [Timestamps]
Frame 4: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: EquipTra_00:00:05 (00:01:00:00:00:05), Dst: EquipTra_00:00:04 (00:01:00:00:00:04) Internet Protocol Version 4, Src: 223.71.63.228, Dst: 103.20.114.2 Transmission Control Protocol, Src Port: 18000, Dst Port: 18000, Seq: 46860495, Len: 0 Source Port: 18000 Destination Port: 18000 [Stream index: 0] [TCP Segment Len: 0] Sequence number: 46860495 (relative sequence number) [Next sequence number: 46860495 (relative sequence number)] Acknowledgment number: 0 0101 .... = Header Length: 20 bytes (5) Flags: 0x004 (RST) Window size value: 0 [Calculated window size: 0] [Window size scaling factor: 2048] Checksum: 0x0000 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [Timestamps]
Frame 16: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) Ethernet II, Src: EquipTra_00:00:05 (00:01:00:00:00:05), Dst: EquipTra_00:00:04 (00:01:00:00:00:04) Internet Protocol Version 4, Src: 223.71.63.228, Dst: 103.20.114.2 Transmission Control Protocol, Src Port: 18000, Dst Port: 18000, Seq: 0, Len: 0 Source Port: 18000 Destination Port: 18000 [Stream index: 0] [TCP Segment Len: 0] Sequence number: 0 (relative sequence number) [Next sequence number: 0 (relative sequence number)] Acknowledgment number: 0 1001 .... = Header Length: 36 bytes (9) Flags: 0x002 (SYN) Window size value: 63463 [Calculated window size: 63463] Checksum: 0x0000 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (16 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted, Experimental [SEQ/ACK analysis] [iRTT: 0.005699000 seconds] [TCP Analysis Flags] [Expert Info (Note/Sequence): This frame is a (suspected) retransmission] [This frame is a (suspected) retransmission] [Severity level: Note] [Group: Sequence] [The RTO for this segment was: 0.346899000 seconds] [RTO based on delta from frame: 4] [Timestamps] TRANSUM RTE Data
Frame 18: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) Ethernet II, Src: EquipTra_00:00:04 (00:01:00:00:00:04), Dst: EquipTra_00:00:05 (00:01:00:00:00:05) Internet Protocol Version 4, Src: 103.20.114.2, Dst: 223.71.63.228 Transmission Control Protocol, Src Port: 18000, Dst Port: 18000, Seq: 4270148056, Ack: 1, Len: 0 Source Port: 18000 Destination Port: 18000 [Stream index: 0] [TCP Segment Len: 0] Sequence number: 4270148056 (relative sequence number) [Next sequence number: 4270148056 (relative sequence number)] Acknowledgment number: 1 (relative ack number) 1001 .... = Header Length: 36 bytes (9) Flags: 0x012 (SYN, ACK) Window size value: 63463 [Calculated window size: 63463] Checksum: 0x2bad [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (16 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted, Experimental [SEQ/ACK analysis] [This is an ACK to the segment in frame: 16] [The RTT to ACK the segment was: 0.005809000 seconds] [iRTT: 0.005699000 seconds] [TCP Analysis Flags] [Expert Info (Note/Sequence): A new tcp session is started with the same ports as an earlier session in this trace] [A new tcp session is started with the same ports as an earlier session in this trace] [Severity level: Note] [Group: Sequence] [Expert Info (Note/Sequence): This frame is a (suspected) retransmission] [This frame is a (suspected) retransmission] [Severity level: Note] [Group: Sequence] [The RTO for this segment was: 0.352749000 seconds] [RTO based on delta from frame: 3] [Timestamps]
