THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 4
7ACE's avatar
40
7ACE
updated 2022-02-27 01:47:31 +0000

TCP Analysis questions

Hi experts,

For the TCP Analysis , I have the following questions :

https://www.wireshark.org/docs/wsug_html_chunked/ChAdvTCPAnalysis.html

Next expected sequence number

The last-seen sequence number plus segment length. Set when there are no analysis flags and for zero window probes. This is initially zero and calculated based on the previous packet in the same TCP flow. Note that this may not be the same as the tcp.nxtseq protocol field.

1.What's the difference between "Next expected sequence number" and "Next sequence number"?

Next sequence number : tcp.nxtseq = tcp.seq + tcp.len

Next expected sequence number : ?

2.What's the meaning of the "Set when there are no analysis flags and for zero window probes." ?

3.What's the meaning of the "Note that this may not be the same as the tcp.nxtseq protocol field."?In what situation would this happen?

Next expected acknowledgement number

The last-seen sequence number for segments. Set when there are no analysis flags and for zero window probes.

4.Next expected acknowledgement number : tcp.ack ?

Last-seen acknowledgment number

Always set. Note that this is not the same as the next expected acknowledgment number.

Last-seen acknowledgment number

Always updated for each packet. Note that this is not the same as the next expected acknowledgment number.

5.What's the difference between the two?

Regards, 7ACE

Revision 3
7ACE's avatar
40
7ACE
updated 2022-02-25 01:07:31 +0000

TCP Analysis questions

Hi experts,

For the TCP Analysis , I have the following questions :

https://www.wireshark.org/docs/wsug_html_chunked/ChAdvTCPAnalysis.html

Next expected sequence number

The last-seen sequence number plus segment length. Set when there are no analysis flags and for zero window probes. This is initially zero and calculated based on the previous packet in the same TCP flow. Note that this may not be the same as the tcp.nxtseq protocol field.

1.What's the difference between "Next expected sequence number" and "Next sequence number"?

Next sequence number : tcp.nxtseq = tcp.seq + tcp.len

Next expected sequence number : ?

2.What's the meaning of the "Set when there are no analysis flags and for zero window probes." ?

3.What's the meaning of the "Note that this may not be the same as the tcp.nxtseq protocol field."?In what situation would this happen?field."?

Next expected acknowledgement number

The last-seen sequence number for segments. Set when there are no analysis flags and for zero window probes.

4.Next expected acknowledgement number : tcp.ack ?

Last-seen acknowledgment number

Always set. Note that this is not the same as the next expected acknowledgment number.

Last-seen acknowledgment number

Always updated for each packet. Note that this is not the same as the next expected acknowledgment number.

5.What's the difference between the two?

Regards, 7ACE

Revision 2
grahamb's avatar
23.8k
grahamb
updated 2022-02-24 10:01:20 +0000

TCP Analysis questions

Hi experts,

For the TCP Analysis , I have the following questions :

https://www.wireshark.org/docs/wsug_html_chunked/ChAdvTCPAnalysis.html

Next expected sequence number

The last-seen sequence number plus segment length. Set when there are no analysis flags and for zero window probes. This is initially zero and calculated based on the previous packet in the same TCP flow. Note that this may not be the same as the tcp.nxtseq protocol field.

1.What's the difference between "Next expected sequence number" and "Next sequence number"?

Next sequence number number** : tcp.nxtseq = tcp.seq + tcp.len

Next expected sequence number number** : ?

2.What's the meaning of the "Set when there are no analysis flags and for zero window probes." ?

3.What's the meaning of the "Note that this may not be the same as the tcp.nxtseq protocol field."?

Next expected acknowledgement number

The last-seen sequence number for segments. Set when there are no analysis flags and for zero window probes.

4.Next expected acknowledgement number : tcp.ack ?

Last-seen acknowledgment number

Always set. Note that this is not the same as the next expected acknowledgment number.

Last-seen acknowledgment number

Always updated for each packet. Note that this is not the same as the next expected acknowledgment number.

5.What's the difference between the two?

Regards, 7ACE

Revision 1
7ACE's avatar
40
7ACE
asked 2022-02-24 09:02:17 +0000

TCP Analysis questions

Hi experts,

For the TCP Analysis , I have the following questions :

https://www.wireshark.org/docs/wsug_html_chunked/ChAdvTCPAnalysis.html

Next expected sequence number
 
number
The last-seen sequence number plus segment length. Set when there are no analysis flags and for zero window probes. This is initially zero and calculated based on the previous packet in the same TCP flow. Note that this may not be the same as the tcp.nxtseq protocol field.
field.

1.What's the difference between "Next expected sequence number" and "Next sequence number"?

Next sequence number

Next sequence number** : tcp.nxtseq = tcp.seq + tcp.len

Next expected sequence number

Next expected sequence number** : ?


2.What's the meaning of the "Set when there are no analysis flags and for zero window probes." ?


3.What's the meaning of the "Note that this may not be the same as the tcp.nxtseq protocol field."?


Next expected acknowledgement number
 
number
The last-seen sequence number for segments. Set when there are no analysis flags and for zero window probes.
probes.

4.Next expected acknowledgement number : tcp.ack tcp.ack ?


Last-seen acknowledgment number
 
number
Always set. Note that this is not the same as the next expected acknowledgment number.
 
number.

Last-seen acknowledgment number
 
number
Always updated for each packet. Note that this is not the same as the next expected acknowledgment number.
number.

5.What's the difference between the two?


Regards, 7ACE