|Main Archive Page > Month Archives > wireshark-dev archives|
Imagine my surprise when Wireshark failed to decode the
AgentX protocol inside some captured packets. It all
depends on where the packets originated from (which OS).
Attached are two capture sessions of AgentX traffic.
One decodes... Between a Linux box and a Linux box.
One doesn't... Between a Windows box and a Linux box.
I'm not sure what triggers the failure, but in one case
Wireshark successfully decodes the AgentX traffic inside
the TCP PDU and in the other case it doesn't. The top
protocol window (when it doesn't decode) also tags the
packets as '[TCP segment of a reassembled PDU]'
The only difference I can see is the working packets have
a TCP options field and the non-working one doesn't.
The other difference I just noted is with TCP checksums.
After reviewing past postings, I started looking, and playing with
the TCP protocol option called 'Validate TCP Checksum if possible'
I can get packets decoded in one direction and not the other.
Why should this cause a problem?
and more importantly how can I work around it to have
Wireshark show me the decoded contents?
Sent via: Wireshark-dev mailing list <email@example.com>