Thanks! This helps!
On 6/6/08, Sake Blok <sake@xxxxxxxxxx> wrote:
> On Thu, Jun 05, 2008 at 08:19:40PM -0700, Vishal Study wrote:
> >
> > Ethereal is showing lot of packets with "TCP segment of a reassembled
> > PDU" in Info field.
> >
> > Which of the following is true:
> >
> > - Is the received packet IP-fragmented? I don't think so as IP
> > flags/fragment-offset is all 0s.
>
>
> Indeed, the message "TCP segment of a reassembled PDU" has nothing to
> do with IP fragmentation (however, this TCP segment may in its turn be
> IP fragmented)
>
>
> > - Is this an TCP fragmented packet? I don't pkts coming out of order,
> > so don't think so.
>
>
> Out-of-order packets are not related to TCP segmentation. The
> reassembly does not refer to putting the received segments in the
> right order before passing the data to the upper layer. But...
>
>
> > - Or is this part of a bigger application packet that has multiple TCP
> > pkts (and all with the same Info:..TCP segment of a reassembled PDU).
>
>
> YES! The message means that TCP handed of the dissection to a higher
> layer protocol dissector. This dissector told the TCP dissector to
> collect multiple TCP segment to construct one PDU. If all goes well,
> the packet that contains the lasat part of the application PDU will
> have full dissection of the application protocol. If this does
> not happen, please file a bug on http://bugs.wireshark.org and
> attach the capture file of that particular tcp session.
>
> You can disable the reassembly of TCP segments by unchecking the
> "Allow subdissector to desegment TCP streams" in the TCP protocol
> preferences. That way, all parts of the application PDU will be
> displayed on their own.
>
> Hope this helps,
> Cheers,
> Sake
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
