Wireshark-dev: [Wireshark-dev] Dissecting TCP PDUs

From: Alexander Koeppe <format_c@xxxxxxxxx>
Date: Thu, 21 Oct 2010 18:56:33 +0200
Hi

I have a question about the general concept about dissecting PDUs under
the TCP tree:

   ,-----------------------------------
   | Transmission Control Protocol, Src Port: ....
   |   ...
   |   [PDU Size: 123]
   |   [PDU Size: 124]
   |   TCP segment data (50 bytes)
   `-----------------------------------

I have seen captures where e.g. several NetBIOS PDUs have been dissected
as an individual branch of the protocol tree. Those PDUs aren't
displayed under the TCP tree as mentioned above.

Another protocol, e.g. FIX (which is quite new), is being dissected as an
individual branch of the protocol tree AND under the TCP tree as well.

What I do not really understand is the actual concept behind that.
I'd assume that only PDUs that are not dissected as an individual branch
of the protocol tree should be displayed under the TCP tree as
"anonymous" PDUs if possible.

Can you please advise?

Cheers