wireshark-dev October 2010 archive

Re: [Wireshark-dev] Dissecting TCP PDUs

From: Christopher Maynard <Chris.Maynard_at_nospam>
Date: Mon Oct 25 2010 - 19:11:09 GMT
To: wireshark-dev@wireshark.org

Alexander Koeppe <format_c@...> writes:

> I have seen captures where e.g. several NetBIOS PDUs have been dissected
> as an individual branch of the protocol tree. Those PDUs aren't
> displayed under the TCP tree as mentioned above.

> Another protocol e.g. FIX (which is quite new), is being dissected as an
> individual branch of the protocol tree AND under the TCP tree as well.
>
You are likely looking at a reassembled FIX packet since FIX relies on
tcp_dissect_pdus(), whereas NetBIOS does not. The part under TCP is just the
unreassembled segment data of just one segment, but the part in its own
individual branch is all the reassembled segments that comprise the FIX packet.

There might also be a difference because FIX registers as a TCP heuristic
dissector whereas NetBIOS does not. You might post a small capture file of each
that depicts what you describe.

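The distinction drawn in the reply above, between the data of one TCP segment and a PDU reassembled from several segments, as a stand-alone C model added here (it is not Wireshark code and not part of the original post). It assumes a hypothetical protocol whose PDUs start with a 2-byte big-endian payload length; `stream_t`, `get_pdu_len` and `feed_segment` are illustrative names, and the sample segments are constructed.

```c
#include <stdint.h>
#include <string.h>

#define FIXED_LEN  2    /* header bytes needed before the PDU length is known */
#define MAX_STREAM 256  /* toy cap on buffered, not yet dissected bytes */

typedef struct {
    uint8_t  buf[MAX_STREAM];  /* stream bytes not yet consumed as PDUs */
    size_t   used;
    unsigned pdus;             /* complete PDUs handed to the "dissector" */
    size_t   last_pdu_len;     /* size of the most recent complete PDU */
} stream_t;

/* Role of a length callback: total PDU size, read from the fixed header. */
static size_t get_pdu_len(const uint8_t *hdr)
{
    return FIXED_LEN + (((size_t)hdr[0] << 8) | hdr[1]);
}

/* Feed one TCP segment: returns PDUs completed, or -1 if the buffer is full. */
static int feed_segment(stream_t *s, const uint8_t *seg, size_t len)
{
    size_t off = 0;
    int done = 0;

    if (len > MAX_STREAM - s->used)
        return -1;
    memcpy(s->buf + s->used, seg, len);
    s->used += len;
    while (s->used - off >= FIXED_LEN) {
        size_t need = get_pdu_len(s->buf + off);
        if (s->used - off < need)
            break;                 /* PDU continues in a later segment */
        s->last_pdu_len = need;    /* a real dissector would build its tree here */
        s->pdus++;
        done++;
        off += need;
    }
    memmove(s->buf, s->buf + off, s->used - off);  /* keep the partial tail */
    s->used -= off;
    return done;
}

/* Constructed sample: PDUs "HELLO", "abc", "Z" split at awkward points. */
static const uint8_t SEG1[] = { 0x00, 0x05, 'H', 'E' };
static const uint8_t SEG2[] = { 'L', 'L', 'O', 0x00 };
static const uint8_t SEG3[] = { 0x03, 'a', 'b', 'c', 0x00, 0x01, 'Z' };
```

Feeding SEG1, SEG2 and SEG3 in order completes 0, 1 and 2 PDUs: the first PDU spans two segments, the second PDU's header is split across a segment boundary, and the last segment finishes two PDUs at once.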