Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Segmentation problem

From: wsgd <wsgd@xxxxxxx>
Date: Fri, 12 Feb 2010 11:22:57 +0100
Hello,

From the TCP point of view,
there is no "last TCP segment" for a given message/pdu,
because TCP does not know anything about your message/pdu.
TCP is only a byte stream.

It is the protocol above TCP which (is supposed to) know where is the last TCP segment.

TCP knows the sequence of packets for a given connection.
Thanks to Sequence Number.


For your filter/save problem,
perhaps you can :
- apply your filter
- then, right click on a packet / Conversation Filter / Tcp
--> the missing TCP segment packets reappear
- save (eventually selecting a range of packets)


Olivier


Salman Malik a �crit :
Hello all,

I wanted to ask: how does wireshark detect segments of TCP ? I mean which field does it camp on to detect if the last TCP segment has arrived ? Actually I'm working with some GTP traffic, when I filter it for m-send-req message (used in mms transaction flow) and try to save it in a separate pcap, I don't see the packet (primarily because the packet consisted of two TCP segments, first of which was not shown after the application of filter and thus is shown as "continuation or non-http traffic") . Someone help please !



------------------------------------------------------------------------
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now. <https://signup.live.com/signup.aspx?id=60969>
------------------------------------------------------------------------

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


--
Wireshark Generic Dissector http://wsgd.free.fr