
Trouble understanding packets in Wireshark


Does the sequence number for the next packet get the ack nr plus the length?

OR

Does the sequence number for the next packet get the seq nr plus the length of the previous?

AND

Can the packets be in random order? And if so, why and how do we know a packet has been lost?


Solution

  • First, there are two sets of sequence and acknowledgement number pairs, one set for each side of the conversation. The sequence number is the sender's current number and the acknowledgement number is the receiver's idea of the "next expected sequence number" from the sender. Generally, they work like this ...

    Assumptions: HostA's initial sequence number is 100, HostB's initial sequence number is 200 (These numbers are random and their starting values don't matter at all, but they are established during the TCP 3-way handshake.)

    Scenario: HostA sends 1000 bytes of TCP payload to HostB:

    Seq #  Ack #  TCP Payload (bytes)  Next Seq #
    -----  -----  -------------------  ----------
    100    200                   1000        1100
    

    Here, HostA's initial sequence number is assumed to be 100 and since we're assuming it is sending 1000 bytes of TCP payload, we calculate the next expected sequence number to be 100 + 1000 = 1100. That's the ACK # we're looking for from HostB, which would indicate to HostA that HostB received all 1000 bytes of payload and is expecting the next TCP segment from HostA to have a sequence number of 1100.

    HostB acknowledges the reception of the above TCP segment from HostA:

    Seq #  Ack #  TCP Payload (bytes)  Next Seq #
    -----  -----  -------------------  ----------
    200    1100                     0         200
    

    This is HostB's set of sequence and acknowledgement numbers. Note that this set is completely independent of HostA's set. Here, HostB has acknowledged to HostA the reception of all 1000 bytes of data that the sender sent in the previous packet by sending HostA an ACK # of 1100 (initial sequence number of 100 plus the additional 1000 bytes of payload). HostB's own sequence number of 200 does not play a role in this transfer of data except to indicate to HostA that no data has been sent by HostB in the reverse direction back to HostA.

    If HostB did NOT receive this segment from HostA, the ACK HostB would eventually send back to HostA would have carried the ACK # of only 100, so HostA would know that HostB did not receive the segment carrying 1000 bytes of payload and should therefore retransmit it.

    I hope that helps?

    For further information and more details, refer to RFC 793.
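
The sequence/acknowledgement arithmetic from the answer above, replayed from the receiver's side for segments that arrive out of order or twice. This is an added example, not part of the original question or answer; the function names and the sample arrival order are constructed, and it assumes segments never partially overlap.

```python
MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around


def seq_before(a, b):
    """True if a comes before b in wrap-around sequence space."""
    return (a - b) % MOD > MOD // 2


def receiver_acks(expected, segments):
    """Replay (seq, payload_len) arrivals; return (label, ack) per segment.

    expected: sequence number of the first byte the receiver is waiting for.
    Assumes segments never partially overlap (a simplification).
    """
    buffered = {}  # out-of-order segments held back: seq -> payload_len
    results = []
    for seq, length in segments:
        if seq == expected:
            label = "in-order"
            expected = (seq + length) % MOD
            # Buffered segments that are now contiguous are acknowledged too.
            while expected in buffered:
                expected = (expected + buffered.pop(expected)) % MOD
        elif seq_before(expected, seq):
            label = "out-of-order"  # a gap: the ACK repeats (duplicate ACK)
            buffered[seq] = length
        else:
            label = "duplicate"  # data already acknowledged, e.g. a retransmission
        results.append((label, expected))
    return results


# Constructed arrival order at HostB for data sent by HostA (seq 100 as above).
SAMPLE = [(100, 1000), (2100, 1000), (1100, 1000), (3100, 500), (3100, 500)]

if __name__ == "__main__":
    for (seq, length), (label, ack) in zip(SAMPLE, receiver_acks(100, SAMPLE)):
        print(f"seq={seq:<5} len={length:<5} {label:<13} -> ACK {ack}")
```

The ACK stays at 1100 while the segment starting at 1100 is missing, then jumps to 3100 once it arrives; that repeated ACK is what tells the sender which segment to retransmit.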