Wireshark-bugs: [Wireshark-bugs] [Bug 2103] TCP dissector fail to handle heuristic dissectors fo
Date: Sun, 16 Dec 2007 00:47:31 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2103





------- Comment #8 from gerhard.nospam@xxxxxxxxx  2007-12-16 00:47 GMT -------
The "Reassembled TCP Segments" section seem to be incorrect, but the actual
dissection seem to work fine, also in the provided capture.
The end of the "reassembled segment" is set to the end of the complete tcp
sement instead of the reassembled length.

Some blurb:
On line 1600 and 1730 there is an assumption that setting
DESEGMENT_ONE_MORE_SEGMENT means that MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT is
implied. That is true for the first frame and the flag is reset on line 1471,
but that seems not to be fully working. Or the segment is added on line 3100,
there the end is always the end of the segment.

I believe this is a presentation rather than a functional problem.

----------
TCP segment size is OK as I see, but there seem to be a start of another
dsi/afp packet in frame 2. The TCP reassembly reports two 40 byte PDUs
(dsi(24)+afp(16)) but the second pdu continues in frame 3. Frame 3 has invalid
checksum.

By default, frame 3 reports "Incorrect TCP Checksum: DSI". If TCP checksum
validation is deselected, the second DSI/AFP packet is listed under frame 3.

I would have like to see the second dsi/afp also in frame 2, difficult to
display data...

(In reply to comment #6)
> Created an attachment (id=1273)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1273&action=view) [details]
> tcp desegmentation ok but display the wrong size for reassembled segment
> 
> Still a bug:
> 
> in the attached capture:
> frame 2: tcp segment 2 size is wrong
> 


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.