Wireshark-dev: [Wireshark-dev] TCP PDU reassembly problem.
Folks,
In the DNP3 dissector I am using tcp_dissect_pdus() to handle data
across multiple tcp segments. It mostly works but in the attached
capture things go a bit awry.
The DNP3 data consist of 2 pdus, the first is 292 bytes, the second is
178 bytes. The first pdu is contained in frames 1, 3 and part of 5 and
the second is in the rest of frame 5 & frame 7.
When frame 5 is selected, the tcp tree correctly indicates the lengths
of the two pdus and the "Reassembled TCP Segments" item is correct for
the first pdu.
Problem 1:
The "TCP segment data" item for the first pdu is incorrect as it shows
the whole segment size of 206 bytes instead of the 62 bytes of the first
pdu and when the item is selected the hex window shows the whole 260
bytes of the TCP segment instead of the first 62 bytes.
Problem 2:
The second DNP3 pdu is not reassembled at all in frame 7, I think all
the data is there, but presume because of some upset due to the first
issue things aren't right.
Can the tcp reassembly experts have a look at this?
--
Regards,
Graham Bloice
Attachment:
cap12.pcap
Description: Binary data