Wireshark mailing list archives
Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS
From: Anders Broman <a.broman58 () gmail com>
Date: Mon, 8 Feb 2016 18:23:29 +0100
Den 8 feb 2016 18:04 skrev "Guy Harris" <guy () alum mit edu>:
On Feb 8, 2016, at 8:51 AM, Anders Broman <anders.broman () ericsson com>
wrote:
It seems like there might not be a "solve all" solution to the cases
listed, it also seems to me like there is a need for several flavors of "conversation"
Such as the 5 tuple we have today for stuff like "decode as" and
possibly other protocol data stored by the protocols running on the transport protocol and
A configurable(?) "conversation" type taking "wire" into consideration
used for reassembly TCP analysis response times etc.
We *do* want a "Decode As" that applies to a conversation (i.e., which
doesn't change the dissector table, it just changes the per-conversation dissector setting), but we don't have it yet, as far as I know, so presumably you're referring to the way that feature would work.
Are you saying here that if the problem is that we're seeing both sides
of routing, so that you have two (or more) copies of the same packet in the capture, you would still want, for example, both instances of a given TCP connection dissected as the selected protocol, but would want TCP reassembly taking place separately on both instances?
Yes, when conversation is set up from say the SDP dissector for the upcoming rtp flow we will not know on which wire it will appear. ___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS Guy Harris (Feb 06)
- Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS Anders Broman (Feb 08)
- Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS Guy Harris (Feb 08)
- Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS Anders Broman (Feb 08)
- Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS Guy Harris (Feb 08)
- Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS Anders Broman (Feb 08)
- Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS Guy Harris (Feb 08)
- Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS Anders Broman (Feb 08)