ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 4561] New: TCP Analysis Ignores Vlan Tags

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sat, 6 Mar 2010 04:08:37 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4561

           Summary: TCP Analysis Ignores Vlan Tags
           Product: Wireshark
           Version: 1.2.6
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxxxx


Build Information:
Version 1.2.6 (SVN Rev 31702)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.5, with GLib 2.22.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8,
with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jan 27 2010), with
AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When taking traffic captures on trunk links the capture contains packets in
more than one vlan.  This can been seen by looking at the vlan.id field in a
capture.

If the packets of a TCP session traverse more than one vlan (example router on
a stick) the analysis shown in the Wireshark GUI does not distinguish between
the vlans.  Thus the TCP session analysis shows out of order packets,
retransmits etc when this is not correct - it is just seeing the same packets
on different vlans.

Generally each TCP session is identified by a unique combination of source ip,
source port, dest ip and dest port etc.  It would be an improvement if vlan.id
could also be used as one of the fields used to identify traffic streams for
analysis.  I would expect this would be a default but could also be implemented
as an optional feature enabled in the preferences.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube