LinuxQuestions.org
Old 11-24-2014, 03:12 PM   #1
ichrispa
Member
 
Registered: Mar 2005
Location: Dresden, Germany
Distribution: OpenSuse 11.2/3, Debian 5.0 , Debian 1.3.1, OpenBSD
Posts: 277

Rep: Reputation: 32
Wireshark identifies complete Package as PDU Fragment


Hello everyone,

I am building a hardware implementation of a TCP/IP socket and I'm using Wireshark 1.10.0 to analyze the testbench's incoming/outgoing packages.

I have a short sequence in the middle of my package flow that goes approx. like this:

Code:
13: A -> B: [PSH,ACK]  Seq=191 Ack=165 Len=94
14: B -> A: [ACK]      Seq=165 Ack=285 Len=0
15: B -> A: [PSH,ACK]  Seq=165 Ack=285 Len=424
16: A -> B: [ACK]      Seq=285 Ack=589 Len=0
where B is my hardware. As far as I can see, there is nothing wrong with this package sequence. I checked the IPv4 Lengths and Header Sizes for both IP and TCP. Note that Ack/Seq are of course given as relative numbers.

When I use Wireshark to analyze the protocol encapsulated in tcp/ip, package 15 is shown as [TCP segment of a reassembled PDU] and no package dissectors are applied to it. Wireshark also claims that there are 424 Bytes in flight, which it does for all packets that have PSH set.

Edit: Package 15 is not a PDU fragment. It is aligned with the package Seq/Acks for previous and following packages and carries a PSH flag. Just for clarification.

So... why won't wireshark process package 15 as a complete package? Why is it considered a fragment? I vote for a wireshark (package dissector) bug, but if wireshark is right this might be an error of my hardware.

Kind regards,

ichrispa

Last edited by ichrispa; 11-24-2014 at 03:16 PM. Reason: clarification about package 15's contents
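
The Seq/Ack consistency check described in the post above, as an added example that is not part of the original thread; the `Seg` record and the function names are hypothetical. It checks only the numbering of the four listed segments and the "bytes in flight" figure, and does not reproduce Wireshark's reassembly logic.

```python
from typing import NamedTuple

class Seg(NamedTuple):  # hypothetical record for one TCP segment
    frame: int
    src: str
    dst: str
    flags: str
    seq: int
    ack: int
    length: int

# Segments 13-16 as listed in the post (relative sequence numbers).
TRACE = [
    Seg(13, "A", "B", "PSH,ACK", 191, 165, 94),
    Seg(14, "B", "A", "ACK", 165, 285, 0),
    Seg(15, "B", "A", "PSH,ACK", 165, 285, 424),
    Seg(16, "A", "B", "ACK", 285, 589, 0),
]

def check_trace(trace):
    """Return (frame, problem) tuples; an empty list means consistent numbering."""
    next_seq, problems = {}, []  # next_seq: sender -> next seq it should use
    for s in trace:
        flags = s.flags.split(",")
        expected = next_seq.get(s.src)
        if expected is not None and s.seq != expected:
            kind = "overlap/retransmission" if s.seq < expected else "gap"
            problems.append((s.frame, f"{kind}: seq={s.seq}, expected {expected}"))
        # SYN and FIN each consume one sequence number on top of the payload.
        consumed = s.length + sum(f in flags for f in ("SYN", "FIN"))
        next_seq[s.src] = max(expected or 0, s.seq + consumed)
        # An ACK must not acknowledge data the peer has not sent yet.
        peer_next = next_seq.get(s.dst)
        if "ACK" in flags and peer_next is not None and s.ack > peer_next:
            problems.append((s.frame, f"ack={s.ack} beyond peer next seq {peer_next}"))
    return problems

def bytes_in_flight(trace):
    """Per data segment: bytes sent by src that dst has not acknowledged yet."""
    highest_ack, result = {}, {}  # highest_ack: sender -> highest ack it received
    for s in trace:
        if "ACK" in s.flags.split(","):
            highest_ack[s.dst] = max(highest_ack.get(s.dst, 0), s.ack)
        if s.length and s.src in highest_ack:
            result[s.frame] = s.seq + s.length - highest_ack[s.src]
    return result

if __name__ == "__main__":
    print(check_trace(TRACE), bytes_in_flight(TRACE))
```
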
 
Old 11-24-2014, 06:04 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
I concur this may be a dissector bug. That's the reason I commonly disable all resolution options and most dissectors in my profile when working with Wireshark: don't need it and less chance of getting bitten by that kind of thing.
 
Old 11-25-2014, 01:28 PM   #3
ichrispa
Member
 
Registered: Mar 2005
Location: Dresden, Germany
Distribution: OpenSuse 11.2/3, Debian 5.0 , Debian 1.3.1, OpenBSD
Posts: 277

Original Poster
Rep: Reputation: 32
Thank you for your reply unSpawn.

Is there a way to inspect the dissector's error messages? I haven't found any parameter or GUI option that would allow me to find out what exactly causes this behavior. Maybe some sort of verbose dissector application to the particular packet or something?

It all depends on the dissector of course, but so far I can only find guides on creating a new dissector for wireshark and none that detail the debugging of an existing one.
 
Old 11-26-2014, 12:42 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by ichrispa
Is there a way to inspect the dissector's error messages?
I don't know of any, probably a question best answered by the Wireshark devs...
 