Thanks for the information. So you mean to say that the upper layer tells TCP about its size. Could you please tell me how SABP does this?
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Guy Harris Sent: Friday, February 07, 2014 3:54 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] TCP Reassembly in wireshark On Feb 7, 2014, at 12:06 AM, Vishnu Bhatt <[email protected]> wrote: > How does wireshark know when to reassemble the TCP segments? How TCP gets to > know in wireshark that whether to send the payload to the upper layer or to > reassemble it in some other frame? It gets told by the dissector for the upper layer. > Is there any header field? Not in TCP. The service offered by TCP is a byte stream, with no packet boundaries visible; a TCP implementation can divide up the bytes handed to it by the upper-layer protocol in any way that it chooses. This means that if the protocol running atop TCP has message boundaries, that protocol must somehow arrange to determine when a message begins or ends. Many protocols do this by putting a message length field into the message header; for example, that's how DNS-over-TCP, ONC RPC-over-TCP, and SMB-over-TCP work. Wireshark has a routine tcp_dissect_pdus(), which a dissector for a protocol running on top of TCP and using a message length field can use. For HTTP, the header for a request or response continues up to a blank line, and the entity-body for a request or response might be indicated by the connection on which it's being sent closing, by the length of the entity-body being specified in the header with a Content-Length: header field, or in various other fashions. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe =============================================================================== Please refer to http://www.aricent.com/legal/email_disclaimer.html for important disclosures regarding this electronic communication. =============================================================================== ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
