Re: TCP reassemble question

[Bo Xu <xubo.leo () gmail com>]

Hi Sake

   Thank you very much.
    This does help .
BR
Xu Bo

On Mon, May 17, 2010 at 1:21 AM, Sake Blok <sake () euronet nl> wrote:

>  On 16 mei 2010, at 15:40, Bo Xu wrote:
>
> > Wireshark can reassemble the tcp packets which is very cool feature.
> > For example ,If  the reassemble option is disabled in the  preference,
>  assume #9 and #10 are carrying the whole piece information , there will be
>  these 2 prompt line in #9  :
> > Numer of bytes in flight :1460
> > Last frame of this PDU : 10
> >
> > I would like to know how wireshark know these TCP segments are together
>  ?
>
> TCP is a streaming protocol, which means it just transmits the data it
> receives from an application to the receiving application on the receiving
> end. It has no knowledge of protocol data unit (PDU) bounderies. Just like
> the receiving application must know where the bounderies of each PDU are,
> the dissector the protocol that runs on top of TCP must know how to
> determine if the PDU is split over multiple TCP segments. And if it is, it
> tells the TCP dissector to collect more data. This goes on until it knows it
> has enough data to dissect a whole PDU.
>
> Hope this helps,
> Cheers,
>     Sake
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe