Grant Edwards wrote: > I'm tracing data in a TCP connection between two devices, and > about half way through the trace, wireshark stops displaying > packet info and just shows [TCP segment of a reassembled PDU]. > > It's _not_ a "TCP segment of a reassembled PDU". It's just a > stream of bytes.
To what does "it" refer? The entire TCP connection is the stream of bytes; individual packets are what are reported as TCP segments of a reassembled PDU. The protocol Wireshark thinks the connection is running atop TCP is done for which it does reassembly; it appears to think that a packet requiring reassembly is in the stream, but, for whatever reason - perhaps TCP segments that weren't captured, or perhaps a bug - can't finish the reassembly process for that packet. Try turning the reassembly option off for that protocol (if it has such an option in the preferences) or for TCP as a whole. Could you file a bug on this, and attach a capture that shows the problem, so, if there *is* a bug (rather than a missing packet), we can try to fix it? (Even if there is a missing packet, it might be possible to get the reassembly code to handle that better.) > I've told wireshard to not decode that TCP > stream What do you mean by "not decode"? > but it still refuses to display packet info. I think > it's getting confused by packets that aren't part of the TCP > stream in question. If they're present in the capture but not part of the stream, that won't affect the reassembly (unless there's a bug in the TCP reassembly code). _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
