Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] TCP reassembling and also difference in WS 2.4.2 and WS_2.5_

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxx>
Date: Tue, 2 Jan 2018 18:44:43 +0000

I think for the first issue with reassembly failing due to out-of-order packets, there is already a bug opened: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13517

 

As for the related packet symbols not being shown on the master branch, that appears to be a new bug that should be reported on the bug tracker: https://bugs.wireshark.org/bugzilla/

​​​​- Chris

 

From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Robert Grange
Sent: Monday, January 1, 2018 10:58 AM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] TCP reassembling and also difference in WS 2.4.2 and WS_2.5_Master in qt_ui

 

Hi,

 

I’ve some problems with the tcp reassembling (look at the attached capture file)

 

Frame

1                    MQ Request

2                    1st tcp segment of a reassembled PDU

3                    2nd tcp segment of a reassembled PDU. Could be decoded with MQ dissector

4                    Single segment, decoded with MQ Dissctor

5                    ACK

6                    MQ Request

7                    1st tcp segment of a reassembled PDU

8                    2nd tcp segment of a reassembled PDU. Could be decoded with MQ dissector

9                    Single segment, decoded with MQ Dissctor

10                 ACK

11                 MQ Request

12                 Out of order segment. 2nd tcp segment of a reassembled PDU (could not be decoded through MQ Dissectror)

13                 Single segment (could not be decoded through MQ Dissectror)

14                 DUP ACK

15                 DUP ACK

16                 1st tcp segment of a reassembled PDU (but could not be relied to the 2nd part of the pdu in frame 12, so could not be decoded through MQ Dissectror

17                 ACK

18                 MQ Request

19                 1st tcp segment of a reassembled PDU

20                 2nd tcp segment of a reassembled PDU. (Could not be decoded with MQ dissector)

21                 Single segment, decoded with MQ Dissector (Could not be decoded with MQ dissector)

22                 ACK

23                 Etc …

 

Frame 1 to 10 are decoded correctly

Frame 11 to 17 could not be decoded (I can understand this as segment arrives in wrong order)

For next frames 18 … , the reassembling did no more work, although it is new request/response. Why ?

 

Another point also between V2.4.2 and V2.5-master in ui         

 

It seems that on master branch, the ticks and point, displayed on the Column No, to specify which frame is acknowledged by the selected frame is no more displayed in V2.5-master branch …

And also a point to show which frames are linked together when re-assembling the tcp frames …

See attached screen shots

 

Robert

CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information.  This message is intended solely for the use of the addressee.  If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.