At 21:46 18/01/2006 +0100, e.soden-mls@xxxxxxxxxxx wrote:
> I m using WebSphere MQ dissector built within ethereal 0.10.14. I ve
made a simple test send 256K using application segmentation. I split a 256K
into 31,5K segment.
> I get some trouble to see MQ packet in ethereal:
> - First packet (MESSAGE_DATA) is displayed correctly in the packet list
pane. But nothing appears in the packet details pane.
> - Last MESSAGE_DATA is displayed correctly.
> - All MESSAGE_DATA between first and last packet are dissected as TCP
segment of a reassembled PDU and I get for each of them a TCP ACKed lost
segment .
> What happened there? Somebody could explain what happens?
> I attach to this mail a capture file to test it and a small png file
showing the behavior.
Hi Manu,
From the capture file it appears that you were capturing on localhost with
a maximum Ethernet packet size of about 16K, although the largest packet in
the transmission is about 32K.
Please restart the capture with a maximum packet size of at least 32K.
Since the packets are not complete, the MQ dissector is confused when it
tries to desegment/reassemble the packets.
You can see that if you disable the two levels of reassembly in the
preferences of the MQ dissector.
All the MESSAGE_DATA packets are larger than 16K, except the last
one. This is the reason why the last packet is displayed properly in the pane.
Please let me know if this completely fixes your problem.
Cheers,
metatech
