Wireshark · Wireshark-users: Re: [Wireshark-users] Disabling TCP reassembly does not work

Wireshark-users: Re: [Wireshark-users] Disabling TCP reassembly does not work

From: wsgd <wsgd@xxxxxxx>

Date: Wed, 18 Feb 2009 21:11:05 +0100


I wanted to say that
the packets (with size = 2974 or 4434 or ...) we see into wireshark
are the real packets received from the network (through winpcap or ...).
I really think Wireshark do NOT reassemble them.

Perhaps you can check with another tool (windump for example).


Olivier


Surendra Kumar a écrit :

Yes, I still see 2920 as the length in frame# 2 for instance. Andframe# 8 is 4380 ... in ver 0.99.8 and event 1.0.5
It seems like just unchecking the subdissector is not sufficient ?

Surendra.

------------------------------------------------------------------------
*From:* wsgd <wsgd@xxxxxxx>
*To:* Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
*Sent:* Wednesday, February 18, 2009 10:40:07 AM
*Subject:* Re: [Wireshark-users] Disabling TCP reassembly does not work

wireshark 1.0.3, 1.0.5 and 1.1.3 : ok as described by Ronnie

It seems you really receive packets with size = 2974 or 4434 or ..., no ?


Olivier

ronnie sahlberg a écrit :
>
> Reassembly works fine for me.
>
> When it is disabled the header is decoded in the first frame, frame 2,
> of the pdu.
> When enabled it shows the full reassembled pdu in frame 41.
>
>
>
> On Wed, Feb 18, 2009 at 11:46 AM, Surendra Kumar<surendrakm@xxxxxxxxx <mailto:surendrakm@xxxxxxxxx>
> <mailto:surendrakm@xxxxxxxxx <mailto:surendrakm@xxxxxxxxx>>> wrote:
>
>
>    The capture file is attached now. Thanks!
>------------------------------------------------------------------------> *From:* Surendra Kumar <surendrakm@xxxxxxxxx<mailto:surendrakm@xxxxxxxxx>
>    <mailto:surendrakm@xxxxxxxxx <mailto:surendrakm@xxxxxxxxx>>>
> *To:* wireshark-users@xxxxxxxxxxxxx<mailto:wireshark-users@xxxxxxxxxxxxx>> <mailto:wireshark-users@xxxxxxxxxxxxx<mailto:wireshark-users@xxxxxxxxxxxxx>>
>    *Sent:* Tuesday, February 17, 2009 3:01:24 PM
>    *Subject:* [Wireshark-users] Disabling TCP reassembly does not work
>
>    I disabled the "Allow subdissector ..." but still see them being
>    reassambled. Tried multiple versions - 0.99.x to 1.0.6 but does
>    not work on any of them. I see that the negotiated MSS is 1460,
>    but then see segment lengths in the order of 10s of KB. I've
>    attached a pcap file.
>    I have a need to see the packets as they appear on the wire. Let
>    me know if there is more to disabling this.
>
>    The host machine is running Win3K R2 and SP2
>
>    Thanks,
>    SK.
>
>
>
>
>___________________________________________________________________________
>    Sent via:    Wireshark-users mailing list
> <wireshark-users@xxxxxxxxxxxxx<mailto:wireshark-users@xxxxxxxxxxxxx><mailto:wireshark-users@xxxxxxxxxxxxx<mailto:wireshark-users@xxxxxxxxxxxxx>>>
>    Archives:    http://www.wireshark.org/lists/wireshark-users
>    Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx<mailto:wireshark-users-request@xxxxxxxxxxxxx>> <mailto:wireshark-users-request@xxxxxxxxxxxxx<mailto:wireshark-users-request@xxxxxxxxxxxxx>>?subject=unsubscribe
>
>
> ------------------------------------------------------------------------
>
>___________________________________________________________________________> Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx <mailto:wireshark-users@xxxxxxxxxxxxx>>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx<mailto:wireshark-users-request@xxxxxxxxxxxxx>?subject=unsubscribe
--
Wireshark Generic Dissector http://wsgd.free.fr

___________________________________________________________________________
Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx <mailto:wireshark-users@xxxxxxxxxxxxx>>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx<mailto:wireshark-users-request@xxxxxxxxxxxxx>?subject=unsubscribe
------------------------------------------------------------------------

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Wireshark Generic Dissector http://wsgd.free.fr

Follow-Ups:
- Re: [Wireshark-users] Disabling TCP reassembly does not work
  - From: Bill Meier

References:
- [Wireshark-users] Disabling TCP reassembly does not work
  - From: Surendra Kumar
- Re: [Wireshark-users] Disabling TCP reassembly does not work
  - From: Surendra Kumar
- Re: [Wireshark-users] Disabling TCP reassembly does not work
  - From: ronnie sahlberg
- Re: [Wireshark-users] Disabling TCP reassembly does not work
  - From: wsgd
- Re: [Wireshark-users] Disabling TCP reassembly does not work
  - From: Surendra Kumar

Prev by Date: Re: [Wireshark-users] Disabling TCP reassembly does not work
Next by Date: Re: [Wireshark-users] Disabling TCP reassembly does not work
Previous by thread: Re: [Wireshark-users] Disabling TCP reassembly does not work
Next by thread: Re: [Wireshark-users] Disabling TCP reassembly does not work
Index(es):
- Date
- Thread