Re: Filtering sequence numbers between concurrent incoming TCP transmissions

[Richard Bejtlich <taosecurity () gmail com>]

On Sun, May 2, 2010 at 9:21 PM, Jeff Bruns <jeff.bruns () gmail com> wrote:
> Greetings-
> I've been using Wireshark to analyze network traffic that's being parsed by
> a network sniffing perl application. My recent problem is that I've
> discovered 2 incoming messages, occuring within nanoseconds of each other. I
> suspect that my network sniffer is trying to reassemble some or all of the
> packets of both messages into a single message. Obviously the packets from
> both of these transmissions adhere to one of two sequence number schemes,
> depending on which message they belong to.

Hello,

Do you mean to say you have two TCP segments, such that

Msg 1: Src IP A Src Port B -> Dst IP C Dst Port D

and

Msg 2: Src IP A Src Port B -> Dst IP C Dst Port D

?

In other words, you expect your application to differentiate between
segments based on sequence number alone?

Sincerely,

Richard
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe