Wireshark mailing list archives
Re: Wireshark fails to display UDP packets
From: Chris Maynard <Chris.Maynard () gtech com>
Date: Thu, 1 Dec 2011 18:31:21 +0000 (UTC)
Stephen Fisher <steve@...> writes:
What I don't understand is, why wireshark does not detect UDP protocol, when IP protocol has already detected it. Maybe that will help me see what mistake is done in the frame.I suspect it is because the packets are fragmented IP. Do you have the "reassemble fragmented IPv4 datagrams" preference enabled under the IPv4 protocol preferences?
Even if the "reassemble fragmented IPv4 datagrams" preference is enabled, the IP fragments will still only be displayed as you see in the picture. The only difference would be with the last fragment - if all fragments were present (and not ignored, as it looks like might be the case from the attached screen shot) - then Wireshark could reassemble the IP fragments into a complete UDP packet. If you don't want to bother looking at the unreassembled IP fragments, you can use a display filter to exclude them, such as with something like, "!(ip.flags.mf == 1)" or simply "udp". Of course if you don't have "reassemble fragmented IPv4 datagrams" enabled, then "udp" will match the first fragment instead of the last/reassembed one, so you might decide to change your filter a bit to something like, "ip.frag_offset == 0" or again, you could just use "udp". Note that you won't see the entire reassembled packet in this case, but the UDP header will be dissected as well as however many bytes of UDP payload data were present in the first fragment. - Chris ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Wireshark fails to display UDP packets PRASANTH RAJAGOPAL (Dec 01)
- Re: Wireshark fails to display UDP packets Stephen Fisher (Dec 01)
- Re: Wireshark fails to display UDP packets Chris Maynard (Dec 01)
- Re: Wireshark fails to display UDP packets PRASANTH RAJAGOPAL (Dec 02)
- Re: Wireshark fails to display UDP packets Chris Maynard (Dec 01)
- Re: Wireshark fails to display UDP packets Stephen Fisher (Dec 01)