diff options
| author | Gerald Combs <gerald@wireshark.org> | 2017-08-18 08:44:21 -0700 |
|---|---|---|
| committer | Gerald Combs <gerald@wireshark.org> | 2017-08-18 15:48:03 +0000 |
| commit | 9e21f4b8ee27480cce4bc0e4dc3d0c5eefe24e1c (patch) | |
| tree | 0e3df7536cb7209f74b86982a836ebb069a4e869 /docbook | |
| parent | 4f76eb002d65d801d5c262f7b21594d1421de4fd (diff) | |
WSUG: Update the TCP analysis section.
Clarify and fix some items.
Change-Id: I1f9f8a32ceaa1de4c1ec2936913c87c08ba63c88
Reviewed-on: https://code.wireshark.org/review/23123
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Diffstat (limited to 'docbook')
| -rw-r--r-- | docbook/wsug_src/WSUG_chapter_advanced.asciidoc | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/docbook/wsug_src/WSUG_chapter_advanced.asciidoc b/docbook/wsug_src/WSUG_chapter_advanced.asciidoc index 16de26049b..f030d2d96b 100644 --- a/docbook/wsug_src/WSUG_chapter_advanced.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_advanced.asciidoc @@ -355,7 +355,9 @@ the following'': // tcp_analyze_seq_info->nextseq Next expected sequence number:: The last-seen sequence number plus segment length. Set when there are no analysis flags and and for zero -window probes. +window probes. This is initially zero and calculated based on the +previous packet in the same TCP flow. Note that this may not be the same +as the tcp.nxtseq protocol field. // tcp_analyze_seq_info->maxseqtobeacked Next expected acknowledgement number:: The last-seen sequence number for @@ -458,9 +460,10 @@ Set when the current sequence number is greater than the next expected sequence [float] ==== TCP Spurious Retransmission -Set when all of the following are true: +Checks for a retransmission based on analysis data in the reverse +direction. Set when all of the following are true: -- In the forward direction, the segment length is greater than zero or the SYN or FIN is set. +- The SYN or FIN flag is set. - This is not a keepalive packet. - The segment length is greater than zero. - Data for this flow has been acknowledged. That is, the last-seen acknowledgement number has been set. @@ -475,7 +478,7 @@ Supersedes ``Retransmission''. Set when all of the following are true: - This is not a keepalive packet. -- In the forward direction, the segment length is greater than zero or the SYN or FIN is set. +- In the forward direction, the segment length is greater than zero or the SYN or FIN flag is set. - The next expected sequence number is greater than the current sequence number. // TCP_A_WINDOW_FULL |