diff options
author | Gerald Combs <gerald@wireshark.org> | 2017-05-26 15:10:48 -0700 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2017-06-15 04:13:28 +0000 |
commit | 01fe854fa00e780e2eb7f9b18a11a09ff0dc1c11 (patch) | |
tree | 3def25e466f972ebebf95b1908127c2ecf487a6d /docbook/wsug_src/WSUG_chapter_advanced.asciidoc | |
parent | 86fceac9ad52531b723ce179a46931d9312a33b8 (diff) |
TCP Analysis: Update the spurious retransmission check.
The spurious retransmission check operates on the last-seen
acknowledgment in the reverse direction. Adjust the analysis logic so
that it is checked independently of the forward sequence number.
Update the documentation accordingly.
Change-Id: I3714f44398501a581f967c61e119fe95f90209b1
Reviewed-on: https://code.wireshark.org/review/21769
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'docbook/wsug_src/WSUG_chapter_advanced.asciidoc')
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_advanced.asciidoc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/docbook/wsug_src/WSUG_chapter_advanced.asciidoc b/docbook/wsug_src/WSUG_chapter_advanced.asciidoc index c6b26978e9..16de26049b 100644 --- a/docbook/wsug_src/WSUG_chapter_advanced.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_advanced.asciidoc @@ -348,7 +348,7 @@ feature via the ``Analyze TCP sequence numbers'' TCP dissector preference. image::wsug_graphics/ws-tcp-analysis.png[{screenshot-attrs}] TCP Analysis flags are added to the TCP protocol tree under ``SEQ/ACK -analysis''. Each flag is described below. The terms ``next expected +analysis''. Each flag is described below. Terms such as ``next expected sequence number'' and ``next expected acknowledgement number'' refer to the following'': @@ -393,6 +393,7 @@ Set when all of the following are true: Set when all of the following are true: +- This is not a keepalive packet. - In the forward direction, the segment size is greater than zero or the SYN or FIN is set. - The next expected sequence number is greater than the current sequence number. - We have more than two duplicate ACKs in the reverse direction. @@ -433,6 +434,7 @@ Supersedes ``Dup ACK'' and ``ZeroWindowProbeAck''. Set when all of the following are true: +- This is not a keepalive packet. - In the forward direction, the segment length is greater than zero or the SYN or FIN is set. - The next expected sequence number is greater than the current sequence number. - The next expected sequence number and the next sequence number differ. @@ -459,7 +461,9 @@ Set when the current sequence number is greater than the next expected sequence Set when all of the following are true: - In the forward direction, the segment length is greater than zero or the SYN or FIN is set. -- The next expected sequence number is greater than the current sequence number. +- This is not a keepalive packet. +- The segment length is greater than zero. +- Data for this flow has been acknowledged. That is, the last-seen acknowledgement number has been set. - The next sequence number is less than or equal to the last-seen acknowledgement number. Supersedes ``Retransmission''. @@ -470,6 +474,7 @@ Supersedes ``Retransmission''. Set when all of the following are true: +- This is not a keepalive packet. - In the forward direction, the segment length is greater than zero or the SYN or FIN is set. - The next expected sequence number is greater than the current sequence number. |