Folks, In the DNP3 dissector I am using tcp_dissect_pdus() to handle data across multiple tcp segments. It mostly works but in the attached capture things go a bit awry.
The DNP3 data consist of 2 pdus, the first is 292 bytes, the second is 178 bytes. The first pdu is contained in frames 1, 3 and part of 5 and the second is in the rest of frame 5 & frame 7. When frame 5 is selected, the tcp tree correctly indicates the lengths of the two pdus and the "Reassembled TCP Segments" item is correct for the first pdu. Problem 1: The "TCP segment data" item for the first pdu is incorrect as it shows the whole segment size of 206 bytes instead of the 62 bytes of the first pdu and when the item is selected the hex window shows the whole 260 bytes of the TCP segment instead of the first 62 bytes. Problem 2: The second DNP3 pdu is not reassembled at all in frame 7, I think all the data is there, but presume because of some upset due to the first issue things aren't right. Can the tcp reassembly experts have a look at this? -- Regards, Graham Bloice
cap12.pcap
Description: Binary data
_______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
