Hi
I have an issue with the Fast retransmission TCP packets while converting them to the pdml.
I can see when I open the pcap, there are two packets having same seq nb. and one of them is Original packet and other one is retransmitted packet. I can see the RTMP part in both of these packets but when i convert the pdml of these packets through Tshark, I am able to see the RTMP part for only one packet and for another one its just up to TCP and the RTMP part in missing which is visible in Wireshark and Wireshark is able to include that part when I export that particular packet as pdml.
Now, there are two cases for the same pdml. In first one the original packet's pdml have the RTMP portion missing and in another case the rtmp part of the pdml is missing in the Retransmitted packet.
In my opinion it should either be visible in both or if its visible only in one then it should be consistent.
I am not able to find on what basis this judgement has been done by Tshark that for which packet the RTMP part of pdml needs to be skipped or its a bug?
Can someone clarify and help me out on this thing.
Thanks
Nitin
