Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12411] All but the last packet of a reassembled PDU over TCP is labeled as TCP

Wireshark-bugs: [Wireshark-bugs] [Bug 12411] All but the last packet of a reassembled PDU over T

Date: Mon, 09 May 2016 22:15:44 +0000

Comment # 8 on bug 12411 from Guy Harris

(In reply to Jaap Keuter from comment #3)
> (In reply to Dmitriy from comment #2)
> > So adding a mechanism of labelling all such packets as HTTP and not just the
> > final ones 
> 
> Here you only consider the 'sunny day scenario' of all TCP fragments (and
> possibly all IPv4 fragments underneath those! How are these to be labeled?)
> are indeed captured. What if a fragment is missing, a rainy day scenario?

In *that* scenario, you might have to turn reassembly off.

> That is usually when Wireshark is called into action.

Not necessarily - the HTTP message might have been transferred correctly, but
there might be some higher-level problem with it.  In *that* scenario, you want
reassembly turned on, so that you can look at the HTTP message (or NFS-over-TCP
message, or SMB message, or AFP message, or DNS-over-TCP message, or...).

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 12411] New: HTTP POST spanning 2 successive packets not decoded
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12411] All but the last packet of a reassembled PDU over TCP is labeled as TCP
Next by Date: [Wireshark-bugs] [Bug 12418] New: request adding SIP customized header just like HTTP
Previous by thread: [Wireshark-bugs] [Bug 12411] All but the last packet of a reassembled PDU over TCP is labeled as TCP
Next by thread: [Wireshark-bugs] [Bug 12411] All but the last packet of a reassembled PDU over TCP is labeled as TCP
Index(es):
- Date
- Thread