Wireshark · Wireshark-users: [Wireshark-users] Wireshark not reassembling UDP packet

Wireshark-users: [Wireshark-users] Wireshark not reassembling UDP packet

From: Andre Kostur <akostur@xxxxxxxxxxxxx>

Date: Mon, 23 Apr 2012 16:57:35 -0700

Hi, using Wireshark 1.6.7 (SVN 41973). I have a pcap of a Kerberos exchange. The AS-REQ is a fragmented UDP packet with 2 fragments and is being correctly reassembled and shown. However, the AS-REP is a fragmented UDP packet with 3 fragments, but Wireshark is not reassembling this packet. It just shows the 1st packet as the AS-REP, but truncated (Packet size limited during capture). All three fragments have a consistent Identification field, the More Fragments bit is set on the first two fragments (and not the third. The Fragment offsets are 0, 1480, and 2960 (as you would expect. However, the Header checksum is listed as 0x0000. Perhaps Wireshark is upset with the checksum and thus refusing to reassemble the packet?

Andre Kostur

Follow-Ups:
- Re: [Wireshark-users] Wireshark not reassembling UDP packet
  - From: Sake Blok

Prev by Date: [Wireshark-users] [HITB-Announce] HITB Magazine Issue 008 (now with print edition!)
Next by Date: Re: [Wireshark-users] Wireshark not reassembling UDP packet
Previous by thread: [Wireshark-users] [HITB-Announce] HITB Magazine Issue 008 (now with print edition!)
Next by thread: Re: [Wireshark-users] Wireshark not reassembling UDP packet
Index(es):
- Date
- Thread