I looked more carefully at the ``extra clean'' files, to see exactly 
how to interprete sequence numbers and acknowledgement numbers,
in particular in three-way and four-way handshakes.

This is what I concluded:

Unless a packet acknowledges a SYN or a FIN packet:

If a packet says, for the sequence number:
x:x+k (k) 
it means: ``I contain k databytes, numbered  x , x+1 , ... , x+k-1 .''
UNLESS k=0  (!).
Then it means:
``I do not contain any databytes. The highest numbered databyte I sent 
in the past was number (x-1). IF I had contained any databytes, 
the first would have been number x.''

---
I had always thought that ``x:x (0)'' meant 
``I do not contain any databytes, and the highest previous number was x''
I was wrong. Never too old to learn.
The only way to check this is to use tcpdump with the   -S   option.
---

Three way handshake:

SYN:
seq = x,
ack = 0.

SYN-ACK:
seq = y,
ack = x+1.  (as expected)

ACK:
seq = x+1.  (unexpected: ``the SYN takes one sequence number'')
ack = y+1.  (as expected).

---

``Four'' way handshake (assume no data in half closed):

FIN
seq = u   (``The next byte would have been u, if there were any'')
ack = v.  (``I received from you byte (v-1) and the next one, if any, 
             must be v'')

ACK: I have to find a clear case. I'll look into some old tcpdump outputs.
I THINK:

ACK
seq = v,
ack = u.  

Think about it as follows: this ACK acknowledges all data of before the 
FIN, (IF all data of before the FIN indeed did arrive).

FIN:
seq = v   (that is OK: ``the sequence number would have been v if ...'')
ack = u+1 (``The FIN takes one sequence number'').

ACK:
seq = u+1  (``complicated'') 
ack = v+1  (``The FIN takes one sequence number'')

---

I will not ask questions about this x , y , u , v , w business 
(in this midterm). 


Teun Ott.