Re: TCP reassemble question

[Sake Blok <sake () euronet nl>]

On 16 mei 2010, at 15:40, Bo Xu wrote:

> Wireshark can reassemble the tcp packets which is very cool feature. 
> For example ,If  the reassemble option is disabled in the  preference,  assume #9 and #10 are carrying the whole 
> piece information , there will be  these 2 prompt line in #9  :
>  
> Numer of bytes in flight :1460 
> Last frame of this PDU : 10
>  
> I would like to know how wireshark know these TCP segments are together  ?

TCP is a streaming protocol, which means it just transmits the data it receives from an application to the receiving 
application on the receiving end. It has no knowledge of protocol data unit (PDU) bounderies. Just like the receiving 
application must know where the bounderies of each PDU are, the dissector the protocol that runs on top of TCP must 
know how to determine if the PDU is split over multiple TCP segments. And if it is, it tells the TCP dissector to 
collect more data. This goes on until it knows it has enough data to dissect a whole PDU.

Hope this helps,
Cheers,
     Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe