Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] asking a question

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 16 Dec 2009 18:42:30 +0100
Hi,

The protocol stack is called TCP/IP, that is Transport Control Protocol over Internet Protocol. When the IP protocol layer cannot carry the TCP layer PDU as a whole, it fragments it, and sends the TCP segments one by one. These are the packets you see. Wireshark is able to tell that these are TCP segments and can do its best to reassemble the original TCP PDU for you. The result will then be presented with the last TCP segment coming in.

This is basic TCP/IP stuff. Read your Stevens, or Wikipedia for that matter.

Thanks,
Jaap

chendahong@xxxxxxxxxxxxxxxx wrote:

When I used the wireshark to capture ip packets, the wireshark considered
some packets as "TCP segment of a reassembled PDU".

Please explain the means of "TCP segment of a reassembled PDU" to me.

thanks.