
Wireshark-dev: [Wireshark-dev] Sequence aware dissector of TCP payload

From: Max Dmitrichenko <dmitrmax@xxxxxxxxx>
Date: Sat, 4 Jun 2016 00:44:31 +0300

Hi everybody!

Some time ago I wrote a dissector for a TCP-based protocol, and I was faced with the problem of TCP out-of-order frames. E.g.:
1) Duplicated packet
2) Out-of-order packet later followed by TCP retransmission
3) Simple reordering
and so on.

Most protocols seem to be tolerant of this. But if your protocol is encrypted or compressed, such an event poisons the state of the decoder or decompressor, and most of the time it is unrecoverable.

Does Wireshark have anything to handle this? If not, is there any demand for such functionality from dissector authors?

--
With best regards
  Max Dmitrichenko
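
The failure described in the message above, as an added example that is not part of the original post and is not Wireshark code: a zlib decompressor fed segments in arrival order is poisoned by a duplicate, an early segment and a retransmission, while the same segments passed through a sequence-ordered buffer decode cleanly. The class and function names, the 16-byte segment size and the sample records are constructed for illustration.

```python
import zlib

class InOrderFeeder:
    """Hands TCP payload bytes to a stateful consumer once each, in sequence order."""
    def __init__(self, first_seq, consumer):
        self.next_seq = first_seq  # sequence number of the next byte the consumer needs
        self.pending = {}          # seq -> payload parked until the gap before it closes
        self.consumer = consumer   # e.g. a decompressor's or cipher's update function

    def _delta(self, seq):
        # Signed distance from next_seq, correct across 32-bit sequence wraparound.
        return ((seq - self.next_seq + 2**31) % 2**32) - 2**31

    def segment(self, seq, payload):
        if len(payload) > len(self.pending.get(seq, b"")):
            self.pending[seq] = payload
        out, progressed = [], True
        while progressed:
            progressed = False
            for s in list(self.pending):
                d = self._delta(s)
                if d > 0:
                    continue                      # a hole still precedes this segment
                fresh = self.pending.pop(s)[-d:]  # cut off bytes already delivered
                if fresh:                         # nothing left: pure duplicate
                    out.append(self.consumer(fresh))
                    self.next_seq = (self.next_seq + len(fresh)) % 2**32
                    progressed = True
        return b"".join(out)

# Constructed sample: a zlib stream cut into 16-byte segments, with a first
# sequence number chosen so the numbering wraps past 2**32.
MESSAGE = b"".join(b"record %03d user=u%05d action=login\n" % (i, i * 7919 % 100003)
                   for i in range(60))
FIRST_SEQ = 0xFFFFFFF0
STREAM = zlib.compress(MESSAGE)
SEGS = [((FIRST_SEQ + i) % 2**32, STREAM[i:i + 16]) for i in range(0, len(STREAM), 16)]
# Segment 2 early, duplicate of 0, retransmission covering 1+2, then 4 before 3.
ARRIVALS = [SEGS[0], SEGS[2], SEGS[0], (SEGS[1][0], SEGS[1][1] + SEGS[2][1]),
            SEGS[4], SEGS[3]] + SEGS[5:]

def decode_in_arrival_order(arrivals):
    d = zlib.decompressobj()
    try:
        return b"".join(d.decompress(p) for _, p in arrivals)
    except zlib.error:
        return None  # decompressor state poisoned by the misplaced bytes

def decode_in_sequence_order(arrivals):
    feeder = InOrderFeeder(FIRST_SEQ, zlib.decompressobj().decompress)
    return b"".join(feeder.segment(seq, p) for seq, p in arrivals)
```

This sketch keeps every parked segment indefinitely; a real dissector would also need to bound `pending` and decide what to report when a gap never closes.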