Wireshark · Wireshark-dev: Re: [Wireshark-dev] fragment_add_..(), pinfo->src/dst, IP vs. TCP Session

[David Aggeler <david_aggeler@xxxxxxxxxx>]

>> 
http://blogs.technet.com/b/netmon/archive/2006/11/15/conversations-in-network-monitor-3-0-cable-talk.aspx
Looks logical

>> Meaning TCP connections, i.e. the command channel and data transfer 
channel are on separate TCP connections?
For one of the modes, yes.

>> That's what the fragment_add_seq routines are for ..
Only the 'port numbers' are ignored, i.e. they are not as hierarchical 
as they should be :-). E.g. it feels like IP-DICOM, The TCP level is 
somewhat ignored. I'd say the  reorder/retransmit is done correctly.