Wireshark-users: Re: [Wireshark-users] what does "TCP segment of a reassembled PDU" mean?
From: Xu nanxuan <mybayern1974@xxxxxxxxxxx>
Date: Wed, 4 Jun 2008 15:19:29 +0800
|
Thanks! But the problem is: why the first half of my test transmission shows normal packet info, but the second half show "TCP segment of a reassembled PDU"? To be more concrete, my server is FTP, but i changed its port to another one from 21. In the first half of the whole transmission process, the info shown is like the following: ======================================== server->client SEQ=... ACK... LEN... WinSize... server->client SEQ=... ACK... LEN... WinSize... client->server SEQ=... ACK... LEN... WinSize... server->client SEQ=... ACK... LEN... WinSize... server->client SEQ=... ACK... LEN... WinSize... client->server SEQ=... ACK... LEN... WinSize... server->client SEQ=... ACK... LEN... WinSize... server->client SEQ=... ACK... LEN... WinSize... client->server SEQ=... ACK... LEN... WinSize... ======================================== But as to the second half of the transmission: ======================================== server->client TCP segment of a reassembled PDU server->client TCP segment of a reassembled PDU client->server SEQ=... ACK... LEN... WinSize... server->client TCP segment of a reassembled PDU server->client TCP segment of a reassembled PDU client->server SEQ=... ACK... LEN... WinSize... server->client TCP segment of a reassembled PDU server->client TCP segment of a reassembled PDU client->server SEQ=... ACK... LEN... WinSize... ======================================== why does such difference exist? BTW:why regularly every two "server->client" packets map a single "client->server" packet? > Date: Mon, 26 May 2008 12:36:22 -0700 > From: guy@xxxxxxxxxxxx > To: wireshark-users@xxxxxxxxxxxxx > Subject: Re: [Wireshark-users] what does "TCP segment of a reassembled PDU" mean? > > Xu nanxuan wrote: > > When downloading a big file from the server, initially the info in the > > list column of wireshark sound reasonable. However, as the downloading > > process ends(using totally about 60 secs), the time stamp in wireshark > > console just passed 30 secs. And in the next 60-30=30 secs, only "TCP > > segment of a reassembled PDU" is shown in the list column, while the > > detail info of each these packets are still reasonable. > > > > Then 2 questions: > > 1.what does "TCP segment of a reassembled PDU" mean? > > It means that Wireshark thinks the packet in question contains part of a > packet (PDU - "Protocol Data Unit") for a protocol that runs on top of TCP. > > If the reassembly is successful, the TCP segment containing the last > part of the packet will show the packet. > > The reassembly might fail if some TCP segments are missing. > > > 2.If i do not want to see "TCP segment of a reassembled PDU", how can i > > view the correct info just as those in the first "30 secs"? > > Turn off TCP reassembly in the preferences for TCP. > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users Discover the new Windows Vista Learn more! |
- Prev by Date: [Wireshark-users] How does wireshark get "Time" shown in the listview?
- Next by Date: [Wireshark-users] Question about "TCP previous segment lost" in LAN
- Previous by thread: Re: [Wireshark-users] How does wireshark get "Time" shown in the listview?
- Next by thread: [Wireshark-users] Question about "TCP previous segment lost" in LAN
- Index(es):