Hello there,
I have Wireshark 0.99.5 on Gentoo capturing a little multicast traffic. The
traffic has some IP fragmentation, so the IP section of the first frame tells
me that "Reassembled IP in frame: #of_last_frame" while this tells me "[IP
Fragments (1382 bytes): #of_frames]" (frames an their data payloads (1280+102
bytes) are listed there).
The following section of this frame is the reassembled UDP packet. Wireshark
marks the UDP section head and Length in red and complains about "Length:
1382 (bogus, should be 102)".
This seems incorrect to me, because the whole (reassembled) UDP packet is 1382
bytes long, independend on that this is more than the actual frame's payload
is (I'm aware of problems with fragmented UDP traffic, but in case all
fragments have been caught, shouldn't it appear as a correct UDP datagram?).
Am I wrong here?
Please respond to my eMail address, I'm not member of the list.
Thanks in advance
Eckard
