> An important feature would be to provide somehow the dissectors with the
> concatenated data from multiple packets.
Yes!
> An incarnation of the same problem are fragmented UDP packets.
Yes!
> Modern NFS servers support 32K read/write size, so we get (over Ethernet)
> 23 UDP fragments (1472 UDP bytes) and only the first has the UDP/RPC/NFS
> header.
Even boring old 8K reads/writes have this problem over most network -
and READDIR replies are even worse.
This is what got me interested in packet analyzer programs in the first
place - "snoop" couldn't decode past the first fragment of a READDIR
reply (and Microsoft Network Monitor couldn't decode past the first TCP
segment of a FindFirst/FindNext reply, which is the equivalent problem
for SMB), and I had to do it by hand. (The underlying problem was
probably a file system problem I discovered when looking at a separate
non-networking crash, so perhaps a better tool wouldn't have helped,
but....)
I've wanted better capabilities for quite a while, and have been
thinking about how to do it for a while - unfortunately, I don't have a
definite idea on how to do it, but I'll try to put together my current
ideas soon (where "soon" may not be until some time next week).
