TCP and UDP configuration
In UDP, there is not much to change; it is a very simple protocol with a very simple configuration. In TCP, on the other hand, there are some parameters that can be changed.
Most of the changes you can make in the TCP preferences are in the way that Wireshark dissects the captured data:
- Validate the TCP checksum if possible: With some NICs, you may see many checksum errors. This happens because TCP checksum offloading is often implemented on NICs, so the NIC may add the checksum only after Wireshark has captured the packet. If you see many TCP checksum errors, the first thing to do is to disable this checkbox and verify that this is not the problem.
- Analyze TCP sequence numbers: This checkbox must be checked so Wireshark can provide TCP analysis, which is one of its main and most important features.
- Relative sequence numbers: When TCP opens a connection, it starts from a random sequence number. When this checkbox is checked, Wireshark will normalize it to zero, so what you will see are not the real numbers, but numbers starting from zero and climbing. In most cases, relative numbers are much easier to handle.
- Calculate conversation timestamps: When this checkbox is checked, the TCP dissector will show you, in every packet, the time since the beginning of the connection. This can be helpful in cases with a very fast connection when times are critical.
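To see why checksum offloading produces the errors described in the first item, the following added example (not from the original text) recomputes the TCP checksum the way a validator does and counts failures per direction over constructed sample segments. The addresses, ports, payloads and the placeholder value left in the offloaded segments are assumptions made for illustration; failures that appear only on packets sent by the capturing host point to offloading rather than to corruption on the wire.

```python
import socket
import struct

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), before the final inversion."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, length)

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """Recompute the TCP checksum and compare it with the captured field."""
    captured = struct.unpack("!H", segment[16:18])[0]
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    expected = ~fold_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF
    return captured == expected

def build(src, dst, sport, dport, seq, payload, offloaded=False):
    """Constructed sample segment. offloaded=True leaves only a placeholder
    (assumed here: the pseudo-header sum) for the NIC to finish later."""
    seg = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    if offloaded:
        field = fold_sum(pseudo_header(src, dst, len(seg)))
    else:
        field = ~fold_sum(pseudo_header(src, dst, len(seg)) + seg) & 0xFFFF
    return seg[:16] + struct.pack("!H", field) + seg[18:]

def failures_by_direction(packets, local_ip):
    """Count checksum failures, split by whether the capturing host sent them."""
    stats = {"outbound": 0, "inbound": 0}
    for src, dst, seg in packets:
        if not checksum_ok(src, dst, seg):
            stats["outbound" if src == local_ip else "inbound"] += 1
    return stats

LOCAL, PEER = "192.0.2.10", "198.51.100.20"  # constructed documentation addresses
PACKETS = [  # constructed capture as seen on LOCAL, which offloads checksums
    (LOCAL, PEER, build(LOCAL, PEER, 49152, 80, 1000, b"GET / HTTP/1.1\r\n\r\n", offloaded=True)),
    (PEER, LOCAL, build(PEER, LOCAL, 80, 49152, 5000, b"HTTP/1.1 200 OK\r\n\r\n")),
    (LOCAL, PEER, build(LOCAL, PEER, 49152, 80, 1018, b"", offloaded=True)),
]

if __name__ == "__main__":
    print(failures_by_direction(PACKETS, LOCAL))
```

If inbound packets also fail validation, offloading on the capturing host does not explain the errors and they deserve a closer look.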