On 7/7/05, Jeff Morriss <jeff.morriss@xxxxxxxxxxx> wrote:
> 
> Hi list,
> 
> Has anyone ever thought about adding the kind of advanced sequence 
> number analysis that the TCP dissector has to SCTP (detecting 
> retransmissions, duplicate ACKs, etc.)?
That would be very useful for SCTP users.
> 
> In TCP it's done inside the dissector (which allows cool things like 
> jumping to the frame with the duplicate ack) but is that how it should 
> be done now or would a tap be better?  
This can probably not be made into a tap since the TCP dissector needs
this information while dissecting the packet while a TAP and the
TAPped data is only available after the packet has been fully
dissected and after packet_dissect() has returned.
What should be done though is to add a pointer in the main tcp header
structure that a TCP tap receives to point to any (if it exists)
associated tcp sequence number analysis structure so that a TCP tap
can easily access the analysis data.
This would allow us to produce a new statistics dialogue with things like 
a statistics window that lists number of retransmissions on a per tcp
session basis.
This window could be sorted according to largest number of TCP retransmissions,
and if we also add a TCP RTO time field (which should be semi-easy to
do), list the accumulated time for that session spent waiting for a
timeout.
This would make it even more easy to spot performance issues related
to packetloss/tcp rto.
> (Or should it be added to the 
> existing--GUI based--SCTP statistics stuff?  Could that be adapted to do 
> this?)
I think it would be best for such a protocol specific feature as this
to implement it from scratch inside the SCTP dissector.
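
The per-session retransmission statistic discussed in this message, sketched as an added example that is not part of the original message and is not Wireshark code. All type and function names are hypothetical, the session id stands in for the connection 4-tuple, and the check is a simplified heuristic that counts any segment covering only already-seen sequence space as a retransmission.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical types for illustration; these are not Wireshark's structures. */
#define MAX_SESSIONS 8

typedef struct {
    int      id;        /* constructed session key (stands in for the 4-tuple) */
    int      seen;      /* non-zero once the first segment has been recorded */
    uint32_t next_seq;  /* sequence number expected next (highest end seen) */
    unsigned retrans;   /* segments that only covered already-seen data */
} session_stats;

static session_stats sessions[MAX_SESSIONS];
static int n_sessions;

static session_stats *lookup(int id) {
    for (int i = 0; i < n_sessions; i++)
        if (sessions[i].id == id) return &sessions[i];
    if (n_sessions == MAX_SESSIONS) return NULL;
    session_stats *s = &sessions[n_sessions++];
    s->id = id; s->seen = 0; s->next_seq = 0; s->retrans = 0;
    return s;
}

/* Record one data segment; returns 1 if it is counted as a retransmission. */
int record_segment(int id, uint32_t seq, uint32_t len) {
    session_stats *s = lookup(id);
    if (s == NULL || len == 0) return 0;
    uint32_t end = seq + len;
    if (!s->seen) { s->seen = 1; s->next_seq = end; return 0; }
    /* Serial-number comparison so the check survives 32-bit wraparound. */
    if ((int32_t)(end - s->next_seq) <= 0) { s->retrans++; return 1; }
    s->next_seq = end;
    return 0;
}

static int by_retrans_desc(const void *a, const void *b) {
    const session_stats *x = a, *y = b;
    return (x->retrans < y->retrans) - (x->retrans > y->retrans);
}

/* Sort sessions so the one with the most retransmissions comes first. */
const session_stats *worst_session(void) {
    qsort(sessions, (size_t)n_sessions, sizeof sessions[0], by_retrans_desc);
    return n_sessions ? &sessions[0] : NULL;
}
```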