Wireshark-users: Re: [Wireshark-users] what does "TCP segment of a reassembled PDU" mean?
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Xu nanxuan <mybayern1974@xxxxxxxxxxx>
Date: Wed, 4 Jun 2008 15:19:29 +0800
Thanks!
But the problem is: why the first half of my test transmission shows normal packet info, but the second half show "TCP segment of a reassembled PDU"?
To be more concrete, my server is FTP, but i changed its port to another one from 21. In the first half of the whole transmission process, the info shown is like the following:
========================================
server->client SEQ=... ACK... LEN... WinSize...
server->client SEQ=... ACK... LEN... WinSize...
client->server SEQ=... ACK... LEN... WinSize...
server->client SEQ=... ACK... LEN... WinSize...
server->client SEQ=... ACK... LEN... WinSize...
client->server SEQ=... ACK... LEN... WinSize...
server->client SEQ=... ACK... LEN... WinSize...
server->client SEQ=... ACK... LEN... WinSize...
client->server SEQ=... ACK... LEN... WinSize...
========================================
But as to the second half of the transmission:
========================================
server->client TCP segment of a reassembled PDU
server->client TCP segment of a reassembled PDU
client->server SEQ=... ACK... LEN... WinSize...
server->client TCP segment of a reassembled PDU
server->client TCP segment of a reassembled PDU
client->server SEQ=... ACK... LEN... WinSize...
server->client TCP segment of a reassembled PDU
server->client TCP segment of a reassembled PDU
client->server SEQ=... ACK... LEN... WinSize...
========================================
why does such difference exist?
 
BTW:why regularly every two "server->client" packets map a single "client->server" packet?


> Date: Mon, 26 May 2008 12:36:22 -0700
> From: guy@xxxxxxxxxxxx
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-users] what does "TCP segment of a reassembled PDU" mean?
>
> Xu nanxuan wrote:
> > When downloading a big file from the server, initially the info in the
> > list column of wireshark sound reasonable. However, as the downloading
> > process ends(using totally about 60 secs), the time stamp in wireshark
> > console just passed 30 secs. And in the next 60-30=30 secs, only "TCP
> > segment of a reassembled PDU" is shown in the list column, while the
> > detail info of each these packets are still reasonable.
> >
> > Then 2 questions:
> > 1.what does "TCP segment of a reassembled PDU" mean?
>
> It means that Wireshark thinks the packet in question contains part of a
> packet (PDU - "Protocol Data Unit") for a protocol that runs on top of TCP.
>
> If the reassembly is successful, the TCP segment containing the last
> part of the packet will show the packet.
>
> The reassembly might fail if some TCP segments are missing.
>
> > 2.If i do not want to see "TCP segment of a reassembled PDU", how can i
> > view the correct info just as those in the first "30 secs"?
>
> Turn off TCP reassembly in the preferences for TCP.
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users


Discover the new Windows Vista Learn more!