Wireshark mailing list archives
Re: TCP Reassembly in wireshark
From: Vishnu Bhatt <vishnu.bhatt () aricent com>
Date: Mon, 10 Feb 2014 13:09:40 +0530
Thanks for the information. So you mean to say that the upper layer tells TCP about its size. Could you please tell me how SABP does this? -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Guy Harris Sent: Friday, February 07, 2014 3:54 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] TCP Reassembly in wireshark On Feb 7, 2014, at 12:06 AM, Vishnu Bhatt <vishnu.bhatt () aricent com> wrote:
How does wireshark know when to reassemble the TCP segments? How TCP gets to know in wireshark that whether to send the payload to the upper layer or to reassemble it in some other frame?
It gets told by the dissector for the upper layer.
Is there any header field?
Not in TCP. The service offered by TCP is a byte stream, with no packet boundaries visible; a TCP implementation can divide up the bytes handed to it by the upper-layer protocol in any way that it chooses. This means that if the protocol running atop TCP has message boundaries, that protocol must somehow arrange to determine when a message begins or ends. Many protocols do this by putting a message length field into the message header; for example, that's how DNS-over-TCP, ONC RPC-over-TCP, and SMB-over-TCP work. Wireshark has a routine tcp_dissect_pdus(), which a dissector for a protocol running on top of TCP and using a message length field can use. For HTTP, the header for a request or response continues up to a blank line, and the entity-body for a request or response might be indicated by the connection on which it's being sent closing, by the length of the entity-body being specified in the header with a Content-Length: header field, or in various other fashions. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe =============================================================================== Please refer to http://www.aricent.com/legal/email_disclaimer.html for important disclosures regarding this electronic communication. =============================================================================== ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- TCP Reassembly in wireshark Vishnu Bhatt (Feb 07)
- Re: TCP Reassembly in wireshark Guy Harris (Feb 07)
- Re: TCP Reassembly in wireshark Vishnu Bhatt (Feb 10)
- Re: TCP Reassembly in wireshark Anders Broman (Feb 10)
- Re: TCP Reassembly in wireshark Guy Harris (Feb 10)
- Re: TCP Reassembly in wireshark Vishnu Bhatt (Feb 10)
- Re: TCP Reassembly in wireshark Guy Harris (Feb 11)
- Re: TCP Reassembly in wireshark Vishnu Bhatt (Feb 10)
- Re: TCP Reassembly in wireshark Guy Harris (Feb 07)