Wireshark-dev: Re: [Wireshark-dev] Help with desegmentation issue
As you’ve discovered, the TCP dissector won’t
attempt to reassemble packets if the TCP checksum is invalid. In the
short-term, you may choose to disable TCP checksum validation to try to work
around this. Edit -> Preferences ->
Protocols -> TCP -> Deselect “Validate the TCP checksum if possible” In the long-term, maybe a change to the TCP dissector could be
made to attempt reassembly even if the TCP checksum is bad, possibly through a
new TCP preference allowing this? I’m not sure how well that would
work though, so I leave it as a question/topic of discussion for the TCP
dissector author(s) and core developers. - Chris From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jarolin,
Robert I discovered
what the problem was with the dissection. I took the
data (4 packets) that had the data segmented and rebuilt the packet header data
including the TCP header using text2pcap. When I tried
to dissect these packets (that now had proper TCP checksums), my dissector
correctly desegmented the data. Any ideas what
to do about this issue? Thanks.
See my
original message below: vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv I have a
dissector that uses tcp_dissect_pdus that does not seem to be doing the
job. Please help. Under the
TCP portion of the dissection it properly says: What I am
doing wrong? Thanks for any help. Below are
excerpts from my dissector: #define
FRAME_HEADER_LEN 4 static
void static
guint //
myproto message (length is 2 bytes starting at offset 0 * 4)
printf("TOTAL of mesage = %u\n", length); // This prints 4428
/* Code to
actually dissect the packets */
CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email. |
- References:
- [Wireshark-dev] Help with desegmentation issue
- From: Jarolin, Robert
- Re: [Wireshark-dev] Help with desegmentation issue
- From: Jarolin, Robert
- [Wireshark-dev] Help with desegmentation issue
- Prev by Date: Re: [Wireshark-dev] USB dissection
- Next by Date: Re: [Wireshark-dev] Help with desegmentation issue
- Previous by thread: Re: [Wireshark-dev] Help with desegmentation issue
- Next by thread: Re: [Wireshark-dev] Help with desegmentation issue
- Index(es):