ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: [Wireshark-dev] SCCP reassembly broken for duplicateded SCTP messages.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Thu, 3 Mar 2011 15:00:31 +0100
Hi,
SCCP reassembly will add both segments from duplicated packets thus producing garbage in the reassembled packet.
An "easy" fix could perhaps bee to add a flag in pinfo "duplicate" or "suspected duplicate" and ignore such frames in reassembly, possibly the
Dissector doing reassembly could have a preference wether to use the flag or not - thoughts?
 
There is a similar bug in the TCP reassembly causing it to not show the reassembled packet.
1 0.000000 10.80.79.132 10.62.180.97 TCP [TCP segment of a reassembled PDU]
2 0.000004 10.80.79.132 10.62.180.97 TCP [TCP segment of a reassembled PDU]
3 0.238283 10.80.79.132 10.62.180.97 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
4 0.716280 10.80.79.132 10.62.180.97 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
 
 
Best regards
Anders
 
 
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube