ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: Re: [Wireshark-users] tcp reassembly

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Thu, 17 Dec 2009 08:51:19 +1100

Your "protocol" needs to convey this information - there is nothing in TCP that knows when the SDU (Service Data Unit) is carrying is finished. Basically you have two options. Either your protocol (that defines that those 5000 bytes is a Protocol Data Unit) needs to provide  a header (indicating at least the length) OR a trailer, that has some sort of a delimiter (say a NULL character or CRLF) that indicates your PDU is finished. Together this is basically known as framing, by which you indicate the begin and end of your data units.

Regards, Martin

MartinVisser99@xxxxxxxxx


On Thu, Dec 17, 2009 at 8:27 AM, Chun Chan <chun_chan@xxxxxxxxx> wrote:
Hi
I am writing a sniffer but I couldnt understand some things about tcp reassembly.
firstly I send a data via socket 5000 bytes. then tcpip stack split into three tcp packets. but this is not ip fragmentation. I think this is tcp segmentation.
but I can not understand when I will sniff this packet How can I defragment this packet?
I need to understand when finished 5000 bytes.
I will waiting your reply
thanks


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube