Wireshark mailing list archives

Question about reassembled fragmentation


From: "Qmo (Yi-Sheng)" <qmosheng () gmail com>
Date: Wed, 11 Nov 2009 16:20:53 +0800

Dear all,

I've written a frame decoder which decodes the cap file captured by
Wireshark.
Now I have a question about packet reassembly.
When I decode a TCP frame, it was partitioned into 3 packets. In Wireshark,
it looks like this:

   No.   Time   Source       Destination   Protocol   Info
   132          10.1.123.5   10.80.111.2   TCP        [TCP segment of a reassembled PDU]
   133          10.1.123.5   10.80.111.2   TCP        [TCP segment of a reassembled PDU]
   134          10.1.123.5   10.80.111.2   HTTP       HTTP/1.1  200 OK (GIF89a)

I want to decode the HTTP packet, but it involves the three packets.
In Wireshark "Packet bytes Pane", the packet No. 134 shows
 [Reassembled TCP Segments (1938 bytes):  #132(272)  #133(1460)  #134(206) ]
     [Frame: 132 , payload: 0-271]
     [Frame: 133 , payload: 272-1731]
     [Frame: 134,  payload:1732-1937]

How does Wireshark know this information via the cap file?
I've looked at the "Packet bytes Pane" for packet No. 134; it seems to
contain no information about this.
If we don't know the packet numbers of all the reassembled packets, we can't
decode them.
Can anyone help me?  Thank you very much!!

Best Regards,
Qmo
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
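
How the frame-to-offset mapping quoted in the post can be derived, as an added example that is not part of the original message and is not Wireshark's code: the capture file holds no reassembly record, so a decoder orders the payloads of one direction of a TCP stream by sequence number and uses the HTTP Content-Length to tell when the PDU is complete. The sequence numbers, payload bytes and function names below are constructed for illustration, and sequence-number wraparound is not handled.

```python
TOTAL = 1938  # reassembled size reported in the post

def reassemble(segments):
    """segments: (frame_no, tcp_seq, payload) tuples, one direction of one stream.
    Returns (data, [(frame_no, first_offset, last_offset), ...])."""
    data, layout = b"", []
    base = min(seq for _, seq, _ in segments)  # sequence number of stream byte 0
    for frame, seq, payload in sorted(segments, key=lambda s: s[1]):
        off = seq - base
        if off > len(data):
            break  # gap: a segment is missing, stop at the contiguous part
        new = payload[len(data) - off:]  # skip bytes already held (retransmission)
        if new:
            layout.append((frame, len(data), len(data) + len(new) - 1))
            data += new
    return data, layout

def http_pdu_length(data):
    """Header length plus Content-Length, or None while the header is incomplete."""
    end = data.find(b"\r\n\r\n")
    if end < 0:
        return None
    for line in data[:end].split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return end + 4 + int(value.decode())
    return end + 4

def completing_frame(segments):
    """Frame in which the HTTP PDU becomes complete, or None if bytes are missing."""
    data, layout = reassemble(segments)
    need = http_pdu_length(data)
    if need is None or len(data) < need:
        return None
    return next(f for f, _, last in layout if last >= need - 1)

def sample_segments(isn=5000):
    # Constructed capture: payload sizes follow the post (272 + 1460 + 206),
    # sequence numbers and bytes are made up; frames listed out of order.
    head = b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\nContent-Length: %d\r\n\r\n"
    body_len = TOTAL - len(head % 1000)  # 1000 stands in for any 4-digit length
    msg = head % body_len + b"GIF89a".ljust(body_len, b"\x00")
    return [(134, isn + 1732, msg[1732:]), (132, isn, msg[:272]),
            (133, isn + 272, msg[272:1732])]

if __name__ == "__main__":
    data, layout = reassemble(sample_segments())
    print(len(data), layout, completing_frame(sample_segments()))
```

A decoder reading a real capture would key the segment lists by source address, destination address and both ports, so each direction of each connection is reassembled separately.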