Wireshark mailing list archives
Re: Dissecting TCP PDUs
From: Alexander Koeppe <format_c () online de>
Date: Tue, 26 Oct 2010 22:06:32 +0200
Christopher Maynard wrote:
> Alexander Koeppe <format_c@...> writes:
>
>> I have seen captures where e.g. several NetBIOS PDUs have been dissected as an individual branch of the protocol tree. Those PDUs aren't displayed under the TCP tree as mentioned above.
>>
>> Another protocol e.g. FIX (which is quite new), is being dissected as an individual branch of the protocol tree AND under the TCP tree as well.
>
> You are likely looking at a reassembled FIX packet since FIX relies on tcp_dissect_pdus(), whereas NetBIOS does not. The part under TCP is just the unreassembled segment data of just one segment, but the part in its own individual branch is all the reassembled segments that comprise the FIX packet.
>
> There might also be a difference because FIX registers as a TCP heuristic dissector whereas NetBIOS does not.
>
> You might post a small capture file of each that depicts what you describe.
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

The FIX packet capture is from Bug #5285 and has the URL https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5278 .
The NetBIOS packet capture is from Bug #5289 and has the URL https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5286 .

Don't be confused if your Wireshark crashes. I'm currently working on #5285, and #5289 is next on my target list.

Thank you for your explanation. Continuing to investigate also led me to the same conclusion, that the reason is the way the FIX protocol dissects itself.
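
Added example, not part of the original messages and not Wireshark's code: a self-contained C model of the reassembly pattern that tcp_dissect_pdus() gives a dissector (fixed header length, a length callback, a per-PDU dissect step), showing why a PDU appears as its own branch only once its last segment arrives. The 2-byte length header, `stream_t` and `feed_segment` are hypothetical names for a toy protocol; FIX's real framing differs.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define FIXED_LEN 2    /* toy header: 2-byte big-endian total PDU length (assumption) */
#define BUF_MAX   256  /* upper bound on buffered bytes and on any single PDU */

typedef struct {
    uint8_t buf[BUF_MAX];   /* bytes carried over from earlier segments */
    size_t  used;
    int     pdus_dissected; /* complete PDUs handed to the PDU dissector */
} stream_t;

/* Role of the get_pdu_len callback: read the PDU length from the fixed header. */
static size_t get_pdu_len(const uint8_t *hdr)
{
    return ((size_t)hdr[0] << 8) | hdr[1];
}

/* Feed one TCP segment payload. Returns the number of PDUs completed by this
 * segment, or -1 if the input cannot be framed safely. */
int feed_segment(stream_t *s, const uint8_t *seg, size_t len)
{
    int done = 0;

    if (len > BUF_MAX - s->used)
        return -1;                      /* would overflow the reassembly buffer */
    memcpy(s->buf + s->used, seg, len);
    s->used += len;

    for (;;) {
        if (s->used < FIXED_LEN)
            break;                      /* header incomplete: wait for more data */
        size_t pdu_len = get_pdu_len(s->buf);
        if (pdu_len < FIXED_LEN || pdu_len > BUF_MAX)
            return -1;                  /* reject lengths that cannot be valid */
        if (s->used < pdu_len)
            break;                      /* body incomplete: only segment data so far */
        /* A real dissector would build the PDU's own protocol tree here. */
        s->pdus_dissected++;
        done++;
        memmove(s->buf, s->buf + pdu_len, s->used - pdu_len);
        s->used -= pdu_len;
    }
    return done;
}
```

A segment that returns 0 corresponds to a frame showing only TCP segment data; the segment that completes the PDU is where the reassembled branch appears.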