Wireshark-users: Re: [Wireshark-users] no dissecting on SCTP retransmissions or "retransmissions"

Date Prev · Date Next · Thread Prev · Thread Next
From: Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx>
Date: Wed, 22 Mar 2023 19:16:06 +0100
Hello Jeff, all,
I would not say that Open Source is or predominantly is urge driven but the method suggested sort of works fine.

Kind Regards
Ariel Burbaickij

On Mon, Mar 20, 2023 at 9:04 PM Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:


On Mon, Mar 20, 2023 at 5:58 AM Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx> wrote:
Hello list,
I am aware of the similar exchange on TCP side which ended with following comment from Guy Harris on 01.09.2016:
"...

This has nothing to do with Lua; it has to do with the way the TCP dissector handles retransmissions.

If it's a retransmission, the original packet should have been dissected, so there should be no need to dissect the retransmission.

If it's not a retransmission, that's presumably an indication that TCP is mistakenly identifying it as a retransmission...."

The same behaviour of not decoding retransmission is observable in SCTP too. However, sometimes it is not genuine retransmission but double-tapping/double-forwarding from transparent taps, i.e. no changes at Ethernet/IP level and it would be good to see retransmitted or "retransmitted" packet decoded.

Are there any plans to make it configurable whether packets marked as retransmitted are dissected or not ?

As with much in Open Source software, there isn't much of a plan - things get implemented as people have the urge and time to do so.

In the past when I've needed to dissect retransmitted SCTP chunks, I've simply disabled SCTP's TSN analysis.  This prevents the SCTP dissector from detecting the retransmission which results in all the chunks being passed to the upper layer dissectors for dissection.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe