Wireshark · Ethereal-dev: Re: [Ethereal-dev] TCP Framentation bug?

Ethereal-dev: Re: [Ethereal-dev] TCP Framentation bug?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Fri, 28 Feb 2003 17:01:54 +0000

Devin Heitmueller wrote:

Shouldn't this be based in part on the result of the TCP checksum?  If
the TCP checksum validation fails, the peer is going to discard the
packet and wait for a retransmit.  In this case, we should probably be
dissecting the second packet, not the first.  There is little value in
attempting to dissect a packet that fails the TCP checksum, as it could
contain complete garbage.

Ethereal already does it.

Here the pb is :

we have a tcp segment, in frame 709, this segment is ACKed and fullydecoded as NCP, 10 mn later a keep alive is sent


F 709    xx xx xx ff 00
F 2828                   ff
After come a new packet
F  7050 yy yy yy yy yy
Now ethereal wrongly desegments F 2828 + F 7050 as
ff yy yy yy yy yy yy yy

By design F2828 can't be pushed back in F 709, and in this case itshouldn't anyway.


Didier

References:
- Re: [Ethereal-dev] TCP Framentation bug?
  - From: Greg Morris
- Re: [Ethereal-dev] TCP Framentation bug?
  - From: didier
- Re: [Ethereal-dev] TCP Framentation bug?
  - From: Devin Heitmueller

Prev by Date: RE: [Ethereal-dev] TCP Framentation bug?
Next by Date: Re: [Ethereal-dev] TCP Framentation bug?
Previous by thread: Re: [Ethereal-dev] TCP Framentation bug?
Next by thread: RE: [Ethereal-dev] TCP Framentation bug?
Index(es):
- Date
- Thread