Hi,
Currently I am using Ethereal to capture and dissect BGP messages. It works well for most of the times. However, I noticed that when the BGP message header is over the edge of TCP segment, the BGP dissector will meet some problem. I have reported the bug and patch to Guy Harris. After checking in this patch, Ethereal BGP dissector works well when there is no TCP segment loss and retransmission.
However, when there is TCP segment loss and retransmission, I found BGP dissector didnt take the retransmission into consideration. Once one segment is lost and the following several TCP segment (depending on the length of the BGP message) may not be decoded correctly even though the retransmission of the lost segment are captured correctly. I think TCP layer has solved the problem of segment loss and retransmission. I don't know whether Ethereal's BGP dissector can be configured to handle the problem of segment loss and retransmission correctly. If not, are there any plan of adding this feature to the BGP dissector of Ethereal? I think this is not a problem only pertaining to BGP dissector. All other dissectors for the protocols based on TCP will have the similar problem. Adding the handling of TCP segment loss and retransmission in ethereal will be very helpful to the analysis of these protocols.
Are there anyone having experience on dealing TCP segment loss and retransmission with ethereal dissector? Hope to get you help.Thank you very much.
______________________________________
===================================================================