Wireshark-dev: Re: [Wireshark-dev] TCP experimental options

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 06 Sep 2012 16:24:30 +0200
Hi,

When you make it as a UAT you can configure it in any way you like.

Thanks,
Jaap

On 2012-09-06 15:51, Tom Harwood wrote:
Hi all,

I've been experimenting with TCP Fast Open -
https://tools.ietf.org/html/draft-cheng-tcpm-fastopen-02 . The
protocol currently uses a TCP experimental options kind (0xfe) for
its cookie values. The cookies show in Wireshark as "TCP Option -
Experimental: fexxf989...", where f989 is TFO's magic number prefix.

I thought it would be neat to label these (albeit experimental) TCP
Fast Open cookies in Wireshark. The TCP experimental options field
strictly has no structure, however the magic number prefix (f989 in
this case) could help with identification.
http://tools.ietf.org/html/draft-touch-tcpm-experimental-options-00
has some ideas related to this.

To generalise, I was thinking of writing a patch to check each TCP
experimental option against a list of variable length magic numbers.
Then Wireshark could identify experimental TFO cookies, and any other
experimental options seen "in the wild". (however TFO is the only one
I have ever seen :-))

As there's no structure to the TCP experimental options fields, some
uses could overlap, and some experimental option data could plausibly
belong to more than one experiment: In this case, we could note the
ambiguity and/or list all the possible known types the data could be.

Are there any suggestions? (is this a reasonable idea?)

thanks,

Tom

ps - many thanks to the authors of Wireshark, it's a brilliant piece
of software :-)
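
The matching idea proposed in the thread, as an added example that is not part of the original messages and is not Wireshark's dissector code: experimental option data is compared against a table of variable-length magic prefixes, every match is reported so overlaps are visible, and option lengths are bounds-checked first. Kind 0xfe and the f989 prefix come from the post; the second table entry, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct exp_magic { const char *name; uint8_t magic[4]; size_t len; };

/* Only f989 (TFO) comes from the post; the second entry is hypothetical,
 * constructed so that it overlaps with the first. */
static const struct exp_magic known[] = {
    { "TCP Fast Open cookie",    { 0xf9, 0x89 },       2 },
    { "hypothetical experiment", { 0xf9, 0x89, 0x00 }, 3 },
};

/* Bitmask of known[] entries whose magic is a prefix of the option data. */
static unsigned match_exp(const uint8_t *data, size_t len) {
    unsigned mask = 0;
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (len >= known[i].len && !memcmp(data, known[i].magic, known[i].len))
            mask |= 1u << i;
    return mask;
}

/* Walk a TCP options block. Returns the match mask for the first kind-0xfe
 * option (0 = unidentified or absent), or -1 if the block is malformed. */
static int scan_options(const uint8_t *opt, size_t n) {
    for (size_t off = 0; off < n; ) {
        uint8_t kind = opt[off];
        if (kind == 0) break;                       /* End of Option List */
        if (kind == 1) { off++; continue; }         /* No-Operation */
        if (n - off < 2) return -1;                 /* length byte missing */
        size_t olen = opt[off + 1];
        if (olen < 2 || olen > n - off) return -1;  /* length exceeds block */
        if (kind == 0xfe) return (int)match_exp(opt + off + 2, olen - 2);
        off += olen;
    }
    return 0;
}

/* Constructed sample option blocks (cookie bytes are made up). */
static const uint8_t sample_tfo[] = { 1, 1, 0xfe, 12, 0xf9, 0x89,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
static const uint8_t sample_ambiguous[] = { 0xfe, 6, 0xf9, 0x89, 0x00, 0x01 };
static const uint8_t sample_truncated[] = { 0xfe, 12, 0xf9, 0x89 };

int main(void) {
    printf("tfo=%d ambiguous=%d truncated=%d\n", scan_options(sample_tfo, sizeof sample_tfo),
           scan_options(sample_ambiguous, sizeof sample_ambiguous),
           scan_options(sample_truncated, sizeof sample_truncated));
}
```

A mask with more than one bit set is the ambiguous case from the post, where the data could belong to more than one experiment and all candidates should be listed.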