Wireshark mailing list archives
Re: Regarding TCP Previous Segment Lost
From: "Zachary J. Ziemba" <zach.ziemba () backbonesecurity com>
Date: Tue, 20 Mar 2012 21:06:27 +0000
Hadn't thought of that until you mentioned it. I checked on it and confirmed that they are coming from the same MAC address. I'm actually leaning towards Stuart's example in another post as to why this is occurring after confirming what you and Scott have suggested.

Thanks for the responses, starting to get a handle on it now.

-Zach

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Tim.Poth () bentley com
Sent: Tuesday, March 20, 2012 11:58 AM
To: wireshark-users () wireshark org
Subject: Re: [Wireshark-users] Regarding TCP Previous Segment Lost

I have seen something like this before when I was getting the packets for the same conversation back from two different routers. In my case the routers were peers to the box I was on, so the MAC addresses were a dead giveaway between the frames. Assuming this is your issue as well, and depending on your setup, you might see different MAC addresses in your capture or you might need to go upstream a bit to do the capture.

Hope that helps

tim

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Zachary J. Ziemba
Sent: Tuesday, March 20, 2012 10:44 AM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Regarding TCP Previous Segment Lost

Hi,

Can anyone offer a potential scenario that would explain why the highlighted packets are occurring in a stream that they do not appear to correspond to? I'm new to analyzing network traffic and can't understand why the sequence number would transition in such a way mid-connection. Wireshark lists these packets as Previous Segment Lost/Retransmission but they appear to be unrelated to the connection.

Thanks in advance,

Zach
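The MAC-address check described in the thread can be applied to every TCP flow in a capture at once. This is an added example, not code from the thread; it assumes tab-separated field output such as `tshark -r capture.pcap -T fields -e frame.number -e eth.src -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.seq`, and the file name, addresses and sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample rows (frame, eth.src, ip.src, tcp.srcport, ip.dst,
# tcp.dstport, tcp.seq); all addresses are documentation values.
SAMPLE = "\n".join("\t".join(r) for r in [
    ("1", "00:00:5e:00:53:01", "192.0.2.10", "80", "10.0.0.5", "51000", "1"),
    ("2", "00:00:5e:00:53:01", "192.0.2.10", "80", "10.0.0.5", "51000", "1461"),
    ("3", "00:00:5e:00:53:02", "192.0.2.10", "80", "10.0.0.5", "51000", "90001"),
    ("4", "00:00:5e:00:53:aa", "10.0.0.5", "51000", "192.0.2.10", "80", "1"),
    ("5", "00:00:5e:00:53:01", "192.0.2.10", "80", "10.0.0.5", "51000", "2921"),
    ("6", "00:00:5e:00:53:aa", "10.0.0.5", "51000", "192.0.2.10", "80", "200"),
])

def parse_rows(text):
    """Turn tab-separated field lines into records, skipping non-TCP lines."""
    rows = []
    for line in text.splitlines():
        f = line.split("\t")
        if len(f) != 7 or not all(f):  # empty fields: not a TCP/IPv4 frame
            continue
        rows.append({"frame": int(f[0]), "mac": f[1].lower(),
                     "flow": (f[2], int(f[3]), f[4], int(f[5])),
                     "seq": int(f[6])})
    return rows

def macs_by_flow(rows):
    """Map each directional flow to {source MAC: [(frame, seq), ...]}."""
    out = defaultdict(lambda: defaultdict(list))
    for r in rows:
        out[r["flow"]][r["mac"]].append((r["frame"], r["seq"]))
    return out

def multi_mac_flows(rows):
    """Flows whose frames in one direction arrive from more than one MAC."""
    return {flow: dict(macs) for flow, macs in macs_by_flow(rows).items()
            if len(macs) > 1}

if __name__ == "__main__":
    for flow, macs in multi_mac_flows(parse_rows(SAMPLE)).items():
        print("%s:%d -> %s:%d" % flow)
        for mac, frames in macs.items():
            print("  %s  (frame, seq): %s" % (mac, frames))
```

A flow that shows only one source MAC does not rule out two upstream paths; as noted in the thread, the capture may need to be taken further upstream to see the difference.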
Current thread:
- Regarding TCP Previous Segment Lost Zachary J. Ziemba (Mar 20)
- Re: Regarding TCP Previous Segment Lost Tim.Poth (Mar 20)
- Re: Regarding TCP Previous Segment Lost Zachary J. Ziemba (Mar 20)
- Re: Regarding TCP Previous Segment Lost Prigge Scott (Mar 20)
- Re: Regarding TCP Previous Segment Lost Stuart Kendrick (Mar 20)
- Re: Regarding TCP Previous Segment Lost Tim.Poth (Mar 20)