Wireshark-users: Re: [Wireshark-users] Getting sequence from TCP reassembled PDU

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Fri, 16 Apr 2010 22:35:27 +1000
Pelayo,

The quick fix to your problem is to go to Edit -> Preferences -> Protocols -> TCP and uncheck the box "Allow subdissectors to reassemble TCP streams"

You could also add a Custom Column to your display with tcp.seq as the field. (I create my own  "TCP" configuration profile that has tcp.seq and tcp.ack as custom columns to aid troubleshooting TCP flow issues.

Regards, Martin

MartinVisser99@xxxxxxxxx


2010/4/16 Pelayo Ramón <pelayor@xxxxxxxxx>
Hello.

I am new to wireshark, and i have achieved some knolowdge about how it
works, but I have problem I do not know how to resolve.

To get a picture of the problem.
Im developing a socket library to easy the development of simple
server-multiple-client transmission . I has internal transmission flow
control and a control channel via UDP.

I am testing it by stressing the transmission trough a switched 100Mb
ethernet with 11 clients sending 32MB to the server. The server is
linux and the clients windows.

To see the performance I am plotting the TCP sequence numbers against
time of the different TCP streams.

I have wireshark running in the server and in one client.

The problem comes when the LAN is really overloaded and the switch
begins to fill the queues.
Wireshark begins to give "TCP reassembled PDU" in client capture and
also in server capture.

A small capture piece to ilustrate it:
Client is the *.125 ip and server is the *.182

"337","8.070825","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=159445 Win=65535 Len=0"
"338","8.071070","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=162365 Win=65535 Len=0"
"339","8.071219","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=163845 Win=65535 Len=0"
"340","8.071429","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=166765 Win=65535 Len=0"
"341","8.071693","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=169685 Win=65535 Len=0"
"342","8.071942","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=172605 Win=65535 Len=0"
"343","8.072049","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=174085 Win=65535 Len=0"
"344","8.075711","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"345","8.075728","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"346","8.075742","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"347","8.075755","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"348","8.075767","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"349","8.075779","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"350","8.075790","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"351","8.075801","156.35.152.125","156.35.152.182","TCP","[TCP segment
of a reassembled PDU]"
"352","8.076314","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=177005 Win=65535 Len=0"
"353","8.076586","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=179925 Win=65535 Len=0"
"354","8.076814","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=182845 Win=65535 Len=0"
"355","8.076942","156.35.152.182","156.35.152.125","TCP","commplex-main
> xrl [ACK] Seq=1 Ack=184325 Win=65535 Len=0"

reassemble TCP streams is on.

What can i do to get the sequence number of those TCP segments?

Thanks in advance.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe