Re: Reassembly of IP fragments gets confused by multiple packets on different VLANS

[Guy Harris <guy () alum mit edu>]

On Feb 8, 2016, at 8:51 AM, Anders Broman <anders.broman () ericsson com> wrote:

> It seems like there might not be a "solve all" solution to the cases listed, it also seems to me like there is a need 
> for several flavors of "conversation"
> Such as the 5 tuple we have today for stuff like "decode as" and possibly other protocol data stored by the protocols 
> running on the transport protocol and
> A configurable(?) "conversation" type taking "wire" into consideration used for reassembly TCP analysis response 
> times etc.


We *do* want a "Decode As" that applies to a conversation (i.e., which doesn't change the dissector table, it just 
changes the per-conversation dissector setting), but we don't have it yet, as far as I know, so presumably you're 
referring to the way that feature would work.

Are you saying here that if the problem is that we're seeing both sides of routing, so that you have two (or more) 
copies of the same packet in the capture, you would still want, for example, both instances of a given TCP connection 
dissected as the selected protocol, but would want TCP reassembly taking place separately on both instances?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe