Wireshark-bugs: [Wireshark-bugs] [Bug 12882] TCP packets sometimes are incorrectly parsed as TDS
Comment # 10
on bug 12882
from Michael Mann
(In reply to Guy Harris from comment #9)
> If there are TCP dissectors that do reassembly, use a heuristic, and don't
> use conversation_set_dissector(), there can be cases where the reassembly
> will fail, so those dissectors are buggy.
Are you talking TCP reassembly or reassembly of a layer above the protocol
running over TCP? (TDS certainly qualifies, trying to reassemble NETLIB)

I think I've been lulled into believing that heuristics are used for the start
of a packet and most TCP dissectors use them just because they don't have the
"determinism" of a reserved IANA port. How often are you really presented with
the start of a TCP PDU in the middle of a TCP packet? Maybe the first PDU at
the start of a capture, and I guess I can usually live with that (not being
dissected), because it would end up being way too expensive (performance) to
ensure Wireshark "guessed right". I also sometimes have a hard time
distinguishing "need" (for heuristics) from an overzealous developer trying to
put as many entrances to his protocol as possible (especially with older
dissectors).

I still think switching TDS to use tcp_dissect_pdus is worthwhile, but
without removing conversation_set_dissector(), this capture is still stuck
thinking it's TDS. I can see the merits of keeping the
conversation_set_dissector; I'm just not sure how practical it is and I would
be okay removing the heuristic dissector altogether (in favor of using
preferences/Decode As) rather than disabling the heuristic for being too weak.