How can I write a filter to get tcp sequence number inconsistency?

Question

I am using WireShark 1.12 and I am trying to filter SYN , SYN/ACK , ACK by inconsistencies. Would anyone know how to write a filter for this version? Currently

I am using this: tcp.ack & tcp.seq & tcp.len

I am able to see the drop in sequence numbers but I have to do a lot of parsing manually.

Thank you in advanced

score 2 · Accepted Answer · answered Sep 04 '14 at 14:48

2

I think Wireshark already does a pretty good job about that. What specific inconsistency you're checking that is not already covered?

http://wiki.wireshark.org/TCP_Analyze_Sequence_Numbers

answered Sep 04 '14 at 14:48

gtirloni

5,746
3
25
52

1

Thanks for pointing me in the right direction! tcp.analysis.ack_lost_segment is the filter I was looking for. – Sep 04 '14 at 14:51

How can I write a filter to get tcp sequence number inconsistency?

1 Answers1