First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Wireshark Version - Expert Info

  • retag add tags

Version 4.2.3 had a dif output from 4.1.1 on a capture I did on 4.0.1

I opened it in the 4.1.1 and it showed 83 'ACKED Seg not Captured' but when I opened it in 4.2.3....it all went away. Problem solved...yay...except I'm still seeing drops.

Is there any reported issues in 4.2.3 with a Discrepancy on 'ACKED SEG Not Captured'

Requires '60 points' to upload so....

Willsass's avatar
1
Willsass
asked 2024-02-23 19:23:24 +0000, updated 2024-02-23 19:29:15 +0000
edit flag offensive 0 remove flag close merge delete

Comments

I've got a screen shot to upload...if I can figure out how to upload it here

Willsass's avatar Willsass (2024-02-23 19:24:13 +0000) edit
more
  • delete

Put it on a public file share and update the question with a link to it.

Chuckc's avatar Chuckc (2024-02-23 20:53:37 +0000) edit
more
  • delete

And a pcap file instead of a screenshot helps us help you even (a lot!) better :-)

SYN-bit's avatar SYN-bit (2024-02-24 09:36:01 +0000) edit
more
  • delete

Thanks everyone...for 'privacy' issues, I wont be able to put the data online but if you check out Laura Chappel's Tshooting profiles - go to 'tr-badcapture.pcapng'

you can see a dif between the Versions.

in 4.07 there are 19 issues with 'ACKed Segment that wasn't captured (common at capture start) but you get to 4.23 and there are 7 issues with the same field.

Anomoli? Not sure but stuff like this.....can shake one's trust that what I'm looking at...is real.

https://s3.amazonaws.com/book.supplem...

My issue is much more severe....I had 180 in 4.07 but 3 in 4.2.3 W/out digging into each packet issue, that's a pretty big dif. Laura's capture is much smaller than mine so a lot fewer but there is a discrepancy nonetheless.

Willsass's avatar Willsass (2024-02-26 05:38:36 +0000) edit
more
  • delete

Link to page

https://s3.amazonaws.com/book.supplem...

Willsass's avatar Willsass (2024-02-26 05:39:37 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

Thank you for providing a capture file that shows the issue. I can confirm that I see the same behavior. I did a quick check on the git log to see which commit could have been related and saw this one:

5d1bbae14f TCP: Enhance Unseen Ack detection

I guess this behavior in this specific case is either overlooked or changed on purpose. As this can be seen as a bug in case it was overlooked, the way to get this fixed is to open an Issue on our gitlab page. I do not have the time myself at the moment to test whether the commit above is indeed the culprit, but you could mention it in the bug report (please also link this question to it and post the link to the gitlab issue here as well).

SYN-bit's avatar
18.5k
SYN-bit
answered 2024-02-26 09:56:27 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thank you for the input. So I can prob safely say I'm seeing the issue.....

Willsass's avatar Willsass (2024-02-26 17:29:10 +0000) edit
more
  • delete

Done...thank your for looking at this

https://gitlab.com/wireshark/wireshar...

Willsass's avatar Willsass (2024-02-26 17:45:39 +0000) edit
more
  • delete

Perfect, thanks!

SYN-bit's avatar SYN-bit (2024-02-26 19:38:36 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer