Ethereal-dev: RE: [Ethereal-dev] Re: Ethereal WebSphere MQ dissection on segmented message

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Emmanuel Soden" <e.soden-mls@xxxxxxxxxxx>
Date: Mon, 23 Jan 2006 21:31:47 +0100
Hi,
 Thanks for the tips. I will make this test and also stop capturing on
localhost. This capture has been done just to test segmentation behavior.
Actually, I'm testing the dissector using two WebSphere MQ servers, one on a
Linux box and the other one on an AIX system.

In this configuration the protocol is better, but the MQ dissector doesn't know how
to reassemble data until I tell Ethereal to "decode as..." the capture file.
In this case all data will be reassembled correctly. I will send you the
capture file. I don't know why the dissector doesn't know how to reassemble data by
itself.

I have also noticed that some of the structure labels are not defined, like
'RFH'. I will send you another containing capture files.

Thanks again for your help.

Regards,
Manu 

-----Original Message-----

At 21:46 18/01/2006 +0100, e.soden-mls@xxxxxxxxxxx wrote:
 > I'm using the WebSphere MQ dissector built within ethereal 0.10.14. I've
 > made a simple test, sending 256K using application segmentation. I split a
 > 256K into 31,5K segments.
 > I have some trouble seeing MQ packets in ethereal:
 >  - First packet (MESSAGE_DATA) is displayed correctly in the packet list
 >    pane. But nothing appears in the packet details pane.
 >  - Last MESSAGE_DATA is displayed correctly.
 >  - All MESSAGE_DATA between first and last packet are dissected as "TCP
 >    segment of a reassembled PDU" and I get for each of them a "TCP ACKed
 >    lost segment".
 > What happened there? Could somebody explain what happens?
 > I attach to this mail a capture file to test it and a small png file
 > showing the behavior.

Hi Manu,

From the capture file it appears that you were capturing on localhost with
a maximum Ethernet packet size of about 16K, although the largest packet in
the transmission is about 32K.
Please restart the capture with a maximum packet size of at least 32K.
Since the packets are not complete, the MQ dissector is confused when it
tries to desegment/reassemble the packets.
You can see that if you disable the two levels of reassembly in the
preferences of the MQ dissector.
All the MESSAGE_DATA packets are larger than 16K, except the last
one. This is the reason why the last packet is displayed properly in the
pane.
Please let me know if this completely fixes your problem.

Cheers,

metatech 

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
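
One way to check a capture file for the condition described in the reply above (frames cut short at capture time, so reassembly has incomplete data), as an added example that is not part of the original thread or of Ethereal. It assumes the classic libpcap file format (not pcapng) and that "not complete" shows up as a captured length smaller than the on-wire length in the record headers; the sample capture and its sizes are constructed.

```python
import io
import struct

# Classic pcap magic bytes -> struct byte-order prefix (usec and nsec variants).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",
}

def find_truncated(stream):
    """Return (snaplen, [(frame_no, captured_len, wire_len), ...]) for cut frames."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[header[:4]]
    # Global header layout: magic, version, thiszone, sigfigs, snaplen, linktype.
    snaplen = struct.unpack(endian + "I", header[16:20])[0]
    truncated, frame_no = [], 0
    while True:
        record = stream.read(16)
        if not record:
            break
        if len(record) < 16:
            raise ValueError("file ends inside a record header")
        frame_no += 1
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "4I", record)
        if len(stream.read(incl_len)) < incl_len:
            raise ValueError("file ends inside frame %d" % frame_no)
        if incl_len < orig_len:  # bytes were on the wire but never saved
            truncated.append((frame_no, incl_len, orig_len))
    return snaplen, truncated

def build_sample():
    """Constructed capture: 16384-byte limit, two oversized frames, one small."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 16384, 1)
    for incl_len, orig_len in [(16384, 32310), (16384, 32310), (9000, 9000)]:
        data += struct.pack("<4I", 0, 0, incl_len, orig_len) + bytes(incl_len)
    return data

if __name__ == "__main__":
    snaplen, cut = find_truncated(io.BytesIO(build_sample()))
    print("capture limit: %d bytes" % snaplen)
    for frame_no, captured, on_wire in cut:
        print("frame %d: %d of %d bytes captured" % (frame_no, captured, on_wire))
```

To check a real file, pass `open(path, "rb")` to `find_truncated`; any frame it lists was saved shorter than it appeared on the wire, so a dissector that reassembles across frames will be missing payload bytes.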