Wireshark-dev: Re: [Wireshark-dev] Hierarchy of fields & offsets again, more potential offender

From: Stig Bjørlykke <stig@xxxxxxxxxxxxx>
Date: Wed, 2 Aug 2017 22:24:07 +0200
On Wed, Aug 2, 2017 at 10:03 PM, Sultan, Hassan via Wireshark-dev
<wireshark-dev@xxxxxxxxxxxxx> wrote:
> Regarding tcp.payload, I don't think tcp.payload in itself has any problems. I think the issue lies in tcp showing a length of 32 only, even though it has tcp.payload as its child.

The tcp.payload field was recently added; have a look at
https://code.wireshark.org/review/22374

I do agree that this is displayed wrong and should be fixed.
Increasing the length of the TCP header would be wrong because the
payload is dissected by upper protocols and does belong with the TCP
header.  Putting it at top level would also be wrong because it's not
a protocol.


-- 
Stig Bjørlykke
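
As an added illustration that is not part of the original message: a tool that consumes `tshark -T pdml` output can flag the mismatch discussed in this thread by checking that every field's byte range lies inside its parent's. The PDML fragment below is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed PDML fragment (not a real capture): tcp is reported as 32 bytes
# at offset 34, while its child tcp.payload starts at offset 66.
SAMPLE_PDML = """<pdml><packet>
  <proto name="eth" pos="0" size="14">
    <field name="eth.dst" pos="0" size="6"/>
    <field name="eth.src" pos="6" size="6"/>
  </proto>
  <proto name="ip" pos="14" size="20">
    <field name="ip.src" pos="26" size="4"/>
  </proto>
  <proto name="tcp" pos="34" size="32">
    <field name="tcp.srcport" pos="34" size="2"/>
    <field name="tcp.options" pos="54" size="12">
      <field name="tcp.options.nop" pos="54" size="1"/>
    </field>
    <field name="tcp.payload" pos="66" size="100"/>
  </proto>
</packet></pdml>"""

def byte_range(node):
    """Return (start, end) for a PDML node, or None if pos/size is absent."""
    try:
        pos, size = int(node.get("pos")), int(node.get("size"))
    except (TypeError, ValueError):
        return None
    return pos, pos + size

def find_out_of_range(pdml_text):
    """List (parent, child, parent_range, child_range) for every child whose
    bytes are not contained in its parent's bytes."""
    findings = []
    def walk(parent):
        p_range = byte_range(parent)
        for child in parent:
            c_range = byte_range(child)
            # Zero-length (generated) fields carry no bytes and are skipped.
            if p_range and c_range and c_range[1] > c_range[0]:
                if c_range[0] < p_range[0] or c_range[1] > p_range[1]:
                    findings.append((parent.get("name"), child.get("name"), p_range, c_range))
            walk(child)
    for proto in ET.fromstring(pdml_text).iter("proto"):
        walk(proto)
    return findings

if __name__ == "__main__":
    for parent, child, p, c in find_out_of_range(SAMPLE_PDML):
        print(f"{child} bytes {c} fall outside {parent} bytes {p}")
```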