Re: asking a question

[Jaap Keuter <jaap.keuter () xs4all nl>]

As should I. Thanks Sake. :-)

Sake Blok wrote:
> Jaap,
>
> You're mixing the IP fragmentation and TCP segmentation to a nice cocktail 
> ;-)
>
> The "TCP segment of a reassembled PDU" message means that some protocol on 
> top of TCP sent a PDU to the TCP layer which the TCP layer was not able to 
> send to the IP layer in one segment (which has a maximum size called the 
> maximum segment size or in short MSS). The TCP layer will split up the 
> message into several segments and hand those segment over the the IP layer 
> for transport. When wireshark sees a TCP segment which does not contain the 
> full upper layer PDU, wireshark will gather the data in the following 
> packets until the PDU is complete.Then the full PDU is handed to the 
> dissector which interprets its content en shows it to the user. You can turn 
> this behavior off in the TCP protocol preferences (unset "allow subdissector 
> to reassemble tcp streams").
>
> Fragmentation at the IP layer occurs when an IP packet traveling across a 
> network encounters a link (or tunneling) which can not transport packets of 
> that size. It then splits up the IP packet into multiple IP fragments. This 
> will be shown in wireshark as "Fragmented IP protocol (proto=XXX, off=XXXX, 
> ID=XXXX).
>
> Jaap is right, it is wise to do some reading regarding basic IP and TCP 
> protocol workings...
>
> Cheers,
>
>
> Sake
>
> ----- Original Message ----- 
> From: "Jaap Keuter" <jaap.keuter () xs4all nl>
> To: "Community support list for Wireshark" <wireshark-users () wireshark org>
> Sent: Wednesday, December 16, 2009 6:42 PM
> Subject: Re: [Wireshark-users] asking a question
>
>
> > Hi,
> >
> > The protocol stack is called TCP/IP, that is Transport Control Protocol 
> > over
> > Internet Protocol. When the IP protocol layer cannot carry the TCP layer 
> > PDU as
> > a whole, it fragments it, and sends the TCP segments one by one. These are 
> > the
> > packets you see.
> > Wireshark is able to tell that these are TCP segments and can do its best 
> > to
> > reassemble the original TCP PDU for you. The result will then be presented 
> > with
> > the last TCP segment coming in.
> >
> > This is basic TCP/IP stuff. Read your Stevens, or Wikipedia for that 
> > matter.
> >
> > Thanks,
> > Jaap
> >
> > chendahong () bj xinwei com cn wrote:
> > > When I used the wireshark to capture ip packets, the wireshark considered
> > > some packets as "TCP segment of a reassembled PDU".
> > >
> > > Please explain the means of "TCP segment of a reassembled PDU" to me.
> > >
> > > thanks.
>              mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe