Wireshark-bugs: [Wireshark-bugs] [Bug 1236] TCP allow subdissector to reassemble TCP stream does
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1236
ronniesahlberg@xxxxxxxxx changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
------- Comment #4 from ronniesahlberg@xxxxxxxxx 2006-11-22 23:56 GMT -------
The problem here is that the segments are received out of order.
While wireshark can handle out-of-order segments for reassembly it still
requires that the segment containing the PDU header is the first one received
for that PDU.
Here you have segments 2, 4, 5 but where the header is in the retransmitted
packet 4.
For reassembly to work, the header must be in the first segment received. The
other segments can be out of order and reassembly would work but the first
semgents can not be out of order.
When wireshark detecs packet 2 it can not find any matching PDU that this
belongs to and thus marks it as a "continuation" since this is the best guess.
Once wireshark receives packet 4 which contains the header and where wireshark
learns between which sequence numbers this PDU spans, it is too late. It can
not go back and redissect packet 2.
I do not think this problem is solveable using the current codebase in
wireshark.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.