Wireshark mailing list archives

Wireshark not reassembling UDP packet

From: Andre Kostur <akostur () incognito com>
Date: Mon, 23 Apr 2012 16:57:35 -0700

Hi, using Wireshark 1.6.7 (SVN 41973).   I have a pcap of a Kerberos
exchange.  The AS-REQ is a fragmented UDP packet with 2 fragments and is
being correctly reassembled and shown.  However, the AS-REP is a fragmented
UDP packet with 3 fragments, but Wireshark is not reassembling this packet.
  It just shows the 1st packet as the AS-REP, but truncated (Packet size
limited during capture).  All three fragments have a consistent
Identification field, the More Fragments bit is set on the first two
fragments (and not the third.  The Fragment offsets are 0, 1480, and 2960
(as you would expect.   However, the Header checksum is listed as 0x0000.
 Perhaps Wireshark is upset with the checksum and thus refusing to
reassemble the packet?

-- 
 *Andre Kostur*

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Wireshark not reassembling UDP packet Andre Kostur (Apr 23)
- Re: Wireshark not reassembling UDP packet Sake Blok (Apr 23)
  - Re: Wireshark not reassembling UDP packet Andre Kostur (Apr 24)
    - Re: Wireshark not reassembling UDP packet Sake Blok (Apr 24)
    - Re: Wireshark not reassembling UDP packet Michael Tuexen (Apr 24)
    - Re: Wireshark not reassembling UDP packet Andre Kostur (Apr 24)
    - Re: Wireshark not reassembling UDP packet ronnie sahlberg (Apr 24)
    - Re: Wireshark not reassembling UDP packet Kevin Cullimore (Apr 27)
    - Re: Wireshark not reassembling UDP packet Guy Harris (Apr 27)