Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9882] Data on SYN Not Reassembled Correctly in Packet Pane

Wireshark-bugs: [Wireshark-bugs] [Bug 9882] Data on SYN Not Reassembled Correctly in Packet Pane

Date: Thu, 20 Mar 2014 14:56:25 +0000

Comment # 2 on bug 9882 from [email protected]

The reason that "Reassembled TCP (411 bytes)" in the bottom pane is incorrect
is that there is a 1 byte overlap at relative sequence number 5.  It looks like
this:

Segment 1 (packet 3):

0 = SYN
1 = 'G'
2 = 'E'
3 = 'T'
4 = ' '
5 = '/'

Segment 2 (packet 6):

5 = 't'
6 = 'e'
7 = 's'
8 = 't'
...

So it seems that in the bottom pane the segment data is simply concatenated. 
It should instead resolve the overlap resulting in either:

"GET /est..."

or

"GET test..."

as an actual TCP implementation would.  The fist case makes the most sense
since that is the same as the follow stream content.

Also note that the info field in the top pane is consistent with the bottom and
should be fixed as well.

For reference, consider the overlap-2.pcap which differs only in that the
payload first appears after the SYN.  For this pcap, everything looks good and
is consistent with the follow stream content for the original pcap.

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 9882] New: Data on SYN Not Reassembled Correctly in Packet Pane
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9905] New: Buildbot crash output: fuzz-2014-03-20-13099.pcap
Next by Date: [Wireshark-bugs] [Bug 9882] Data on SYN Not Reassembled Correctly in Packet Pane
Previous by thread: [Wireshark-bugs] [Bug 9882] Data on SYN Not Reassembled Correctly in Packet Pane
Next by thread: [Wireshark-bugs] [Bug 9882] Data on SYN Not Reassembled Correctly in Packet Pane
Index(es):
- Date
- Thread