Wireshark mailing list archives

Re: Segmentation problem


From: wsgd <wsgd () free fr>
Date: Fri, 12 Feb 2010 11:22:57 +0100

Hello,

From the TCP point of view,
there is no "last TCP segment" for a given message/pdu,
because TCP does not know anything about your message/pdu.
TCP is only a byte stream.

It is the protocol above TCP which (is supposed to) know where the 
last TCP segment is.

TCP knows the sequence of packets for a given connection,
thanks to the Sequence Number.


For your filter/save problem,
perhaps you can:
- apply your filter
- then, right click on a packet / Conversation Filter / TCP
--> the missing TCP segment packets reappear
- save (possibly selecting a range of packets)


Olivier


Salman Malik wrote:
Hello all,

I wanted to ask: how does Wireshark detect segments of TCP? I mean 
which field does it camp on to detect if the last TCP segment has 
arrived?
Actually I'm working with some GTP traffic, when I filter it for 
m-send-req message (used in MMS transaction flow) and try to save it 
in a separate pcap, I don't see the packet (primarily because the 
packet consisted of two TCP segments, first of which was not shown 
after the application of filter and thus is shown as "continuation or 
non-http traffic"). Someone help please!




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


-- 
Wireshark Generic Dissector http://wsgd.free.fr
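
The point made in the reply above, as an added example that is not part of the original thread and is not Wireshark's code: TCP sequence numbers only order the bytes, and the upper-layer framing decides where a PDU ends and therefore which segments must be saved together. It assumes HTTP-style framing with a Content-Length header, no retransmissions or gaps, and all names and sample data are constructed for illustration.

```python
import re

# Constructed sample: (tcp_seq, payload) pairs for one direction of one
# connection, listed out of order. Not taken from a real capture.
BODY = b"x" * 30
REQUEST = b"POST /mms HTTP/1.1\r\nContent-Length: 30\r\n\r\n" + BODY
SEGMENTS = [
    (1040, REQUEST[40:]),  # second segment: where the PDU becomes complete
    (1000, REQUEST[:40]),  # first segment: looks like a "continuation" alone
]

def reassemble(segments):
    """Order segments by sequence number and join them into a byte stream.

    Returns (stream, spans); each span is (start, end, seq) in stream offsets.
    Assumption: no retransmissions, gaps or sequence-number wraparound.
    """
    ordered = sorted(segments, key=lambda s: s[0])
    base = ordered[0][0]
    stream = b"".join(payload for _, payload in ordered)
    spans = [(seq - base, seq - base + len(p), seq) for seq, p in ordered]
    return stream, spans

def http_pdus(stream):
    """Upper-layer framing: header terminator plus Content-Length."""
    pdus, pos = [], 0
    while True:
        end_hdr = stream.find(b"\r\n\r\n", pos)
        if end_hdr < 0:
            break  # headers incomplete: more segments are needed
        m = re.search(rb"(?i)content-length:\s*(\d+)", stream[pos:end_hdr])
        end = end_hdr + 4 + (int(m.group(1)) if m else 0)
        if end > len(stream):
            break  # body incomplete: more segments are needed
        pdus.append((pos, end))
        pos = end
    return pdus

def segments_for_pdus(segments):
    """For each complete PDU, list the sequence numbers of its segments."""
    stream, spans = reassemble(segments)
    return [[seq for start, end, seq in spans if start < hi and end > lo]
            for lo, hi in http_pdus(stream)]

if __name__ == "__main__":
    print(segments_for_pdus(SEGMENTS))
```

Either segment on its own yields no complete PDU, which is why a saved capture that keeps only the packet matching the display filter loses the message.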


