Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] TCP segment of a reassembled PDU

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Vishal Study" <vishal.study@xxxxxxxxx>
Date: Fri, 6 Jun 2008 11:50:35 -0700

Thanks! This helps!

On 6/6/08, Sake Blok <sake@xxxxxxxxxx> wrote:
> On Thu, Jun 05, 2008 at 08:19:40PM -0700, Vishal Study wrote:
>  >
>  > Ethereal is showing lot of packets with "TCP segment of a reassembled
>  > PDU" in Info field.
>  >
>  > Which of the following is true:
>  >
>  > - Is the received packet IP-fragmented? I don't think so as IP
>  > flags/fragment-offset is all 0s.
>
>
> Indeed, the message "TCP segment of a reassembled PDU" has nothing to
>  do with IP fragmentation (however, this TCP segment may in its turn be
>  IP fragmented)
>
>
>  > - Is this an TCP fragmented packet? I don't pkts coming out of order,
>  > so don't think so.
>
>
> Out-of-order packets are not related to TCP segmentation. The
>  reassembly does not refer to putting the received segments in the
>  right order before passing the data to the upper layer. But...
>
>
>  > - Or is this part of a bigger application packet that has multiple TCP
>  > pkts (and all with the same Info:..TCP segment of a reassembled PDU).
>
>
> YES! The message means that TCP handed of the dissection to a higher
>  layer protocol dissector. This dissector told the TCP dissector to
>  collect multiple TCP segment to construct one PDU. If all goes well,
>  the packet that contains the lasat part of the application PDU will
>  have full dissection of the application protocol. If this does
>  not happen, please file a bug on http://bugs.wireshark.org and
>  attach the capture file of that particular tcp session.
>
>  You can disable the reassembly of TCP segments by unchecking the
>  "Allow subdissector to desegment TCP streams" in the TCP protocol
>  preferences. That way, all parts of the application PDU will be
>  displayed on their own.
>
>  Hope this helps,
>  Cheers,
>     Sake
>  _______________________________________________
>  Wireshark-users mailing list
>  Wireshark-users@xxxxxxxxxxxxx
>  https://wireshark.org/mailman/listinfo/wireshark-users
>
  • References:
    • [Wireshark-users] TCP segment of a reassembled PDU
      • From: Vishal Study
    • Re: [Wireshark-users] TCP segment of a reassembled PDU
      • From: Sake Blok
  • Prev by Date: Re: [Wireshark-users] Unistim Decode Broken in version 1.0.0
  • Next by Date: Re: [Wireshark-users] Unistim Decode Broken in version 1.0.0
  • Previous by thread: Re: [Wireshark-users] TCP segment of a reassembled PDU
  • Next by thread: Re: [Wireshark-users] Packet List Display
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation