wireshark-dev October 2010 archive

[Wireshark-dev] TCP data PDU decoding fails depending on TCP options field?

From: Fulko Hew <fulko.hew_at_nospam>
Date: Fri Oct 01 2010 - 17:53:30 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

Imagine my surprise when Wireshark failed to decode the
AgentX protocol inside some captured packets. It all
depends on where the packets originated from (which OS).

Attached are two capture sessions of AgentX traffic.

One decodes... Between a Linux box and a Linux box.
One doesn't... Between a Windows box and a Linux box.

I'm not sure what triggers the failure, but in one case
Wireshark successfully decodes the AgentX traffic inside
the TCP PDU and in the other case it doesn't. The top
protocol window (when it doesn't decode) also tags the
packets as '[TCP segment of a reassembled PDU]'.

The only difference I can see is the working packets have
a TCP options field and the non-working one doesn't.

The other difference I just noted is with TCP checksums.
After reviewing past postings, I started looking, and playing with
the TCP protocol option called 'Validate TCP Checksum if possible',
I can get packets decoded in one direction and not the other.

Why should this cause a problem?
And, more importantly, how can I work around it to have
Wireshark show me the decoded contents?
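
Added example, not part of the original post and not Wireshark code: a Python check that reports, for one raw IPv4/TCP packet, the two properties the message compares, namely how many TCP option bytes the header carries and whether the TCP checksum verifies. The helper names, addresses and sample packets are constructed for illustration; port 705 is the registered AgentX port.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def inspect_tcp(ip_packet: bytes) -> dict:
    """Report option bytes, payload bytes and checksum validity of one IPv4/TCP packet."""
    if ip_packet[0] >> 4 != 4 or ip_packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    segment = ip_packet[ihl:total_len]
    header_len = (segment[12] >> 4) * 4          # TCP data offset, in bytes
    # Pseudo-header: source address, destination address, zero, protocol, TCP length.
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return {
        "option_bytes": header_len - 20,
        "payload_bytes": len(segment) - header_len,
        "checksum_ok": ones_sum(pseudo + segment) == 0xFFFF,
    }

def build_packet(src, dst, options=b"", payload=b"", fill_checksum=True) -> bytes:
    """Constructed sample packet for this demo, not taken from the poster's captures."""
    addrs = socket.inet_aton(src) + socket.inet_aton(dst)
    offset = (20 + len(options)) // 4            # options must be padded to 4 bytes
    tcp = struct.pack("!HHIIBBHHH", 40000, 705, 1, 1, offset << 4, 0x18, 8192, 0, 0)
    tcp += options + payload
    if fill_checksum:
        csum = ~ones_sum(addrs + struct.pack("!BBH", 0, 6, len(tcp)) + tcp) & 0xFFFF
        tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + addrs
    return ip + tcp

if __name__ == "__main__":
    ts_opt = b"\x01\x01\x08\x0a" + struct.pack("!II", 1000, 2000)  # NOP, NOP, Timestamp
    data = b"constructed payload"
    print(inspect_tcp(build_packet("192.0.2.10", "192.0.2.20", ts_opt, data)))
    print(inspect_tcp(build_packet("192.0.2.30", "192.0.2.20", b"", data, fill_checksum=False)))
```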

