General discussion
-
Topic
-
Wireshark – To “Analyze TCP sequence numbers” or not to analyze
I’ve been trobueshooting something I’ve been seeing for a few months. A wireshark capture I’ve been anaylyzing has some TCP out of order, Dup Ack’s, and previous segment not captured. Application works fine but not sure why I get these errors. When I place the client and server on the same segment and right next to each other I still get the same errors. I was told to uncheck the Analyze TCP sequence numbers and then all the errors disappeared from the pcap file. They informed Wireshark has its own way of looking at the sequence numbers instead of using the raw sequence numbers from the pcap. If I look at every wireshark capture file and have this option unchecked will wireshark disregard any errors it might potentially see. Does wireshark have any issues analyzing a pcap with its own sequence numbers? Any input is greatly appreciated?