Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Getting sequence from TCP reassembled PDU

From: Martin Visser <martinvisser99 () gmail com>
Date: Fri, 16 Apr 2010 22:35:27 +1000
Pelayo,

The quick fix to your problem is to go to Edit -> Preferences -> Protocols
-> TCP and uncheck the box "Allow subdissectors to reassemble TCP streams"

You could also add a Custom Column to your display with tcp.seq as the
field. (I create my own  "TCP" configuration profile that has tcp.seq and
tcp.ack as custom columns to aid troubleshooting TCP flow issues.

Regards, Martin

MartinVisser99 () gmail com


2010/4/16 Pelayo Ramón <pelayor () gmail com>


Hello.

I am new to wireshark, and i have achieved some knolowdge about how it
works, but I have problem I do not know how to resolve.

To get a picture of the problem.
Im developing a socket library to easy the development of simple
server-multiple-client transmission . I has internal transmission flow
control and a control channel via UDP.

I am testing it by stressing the transmission trough a switched 100Mb
ethernet with 11 clients sending 32MB to the server. The server is
linux and the clients windows.

To see the performance I am plotting the TCP sequence numbers against
time of the different TCP streams.

I have wireshark running in the server and in one client.

The problem comes when the LAN is really overloaded and the switch
begins to fill the queues.
Wireshark begins to give "TCP reassembled PDU" in client capture and
also in server capture.

A small capture piece to ilustrate it:
Client is the *.125 ip and server is the *.182

"337","8.070825","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=159445 Win=65535 Len=0"

"338","8.071070","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=162365 Win=65535 Len=0"

"339","8.071219","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=163845 Win=65535 Len=0"

"340","8.071429","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=166765 Win=65535 Len=0"

"341","8.071693","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=169685 Win=65535 Len=0"

"342","8.071942","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=172605 Win=65535 Len=0"

"343","8.072049","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=174085 Win=65535 Len=0"

"344","8.075711","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"345","8.075728","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"346","8.075742","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"347","8.075755","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"348","8.075767","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"349","8.075779","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"350","8.075790","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"351","8.075801","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"352","8.076314","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=177005 Win=65535 Len=0"

"353","8.076586","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=179925 Win=65535 Len=0"

"354","8.076814","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=182845 Win=65535 Len=0"

"355","8.076942","156.35.152.182","156.35.152.125","TCP","commplex-main

xrl [ACK] Seq=1 Ack=184325 Win=65535 Len=0"


reassemble TCP streams is on.

What can i do to get the sequence number of those TCP segments?

Thanks in advance.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: