wireshark-dev October 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: [Wireshark-dev] Dissecting TCP PDUs

[Wireshark-dev] Dissecting TCP PDUs

From: Alexander Koeppe <format_c_at_nospam>
Date: Thu Oct 21 2010 - 16:56:33 GMT
To: wireshark-dev@wireshark.org

Hi

I have a question about the general concept about dissecting PDUs under
the TCP tree:

   ,-----------------------------------
   | Transmission Control Protocol, Src Port: ....
   | ...
   | [PDU Size: 123]
   | [PDU Size: 124]
   | TCP segment data (50 bytes)
   `-----------------------------------

I have seen captures where e.g. several NetBIOS PDUs has been dissected
as an individual branch of the protocol tree. Those PDUs aren't
displayed under the TCP tree as mentioned above.

Another protocol e.g. FIX (which is quite new), is being dissected as an
individual branch of the protocol tree AND under the TCP tree as well.

What I do not really understand is the actual concept behind that.
I'd assume that only PDUs that are not dissected as an individual branch
of the protocol tree should be displayed under the TCP tree as
"anonymous" PDUs if possible.

Can you please advice?

Cheers

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe