Hi all,

I'm posting to learn the header structure of fragmented packets. I don't know how I can upload an image and Wireshark files, so I link my question as below (it's my blog; the image and Wireshark file are included).

http://blog.daum.net/bungbung77/16781142

1~2 : fragmented packets
3~4 : fragmented packets

Header structure
1: IP/UDP/SIP (1500bytes = ip header 20bytes + payload 1480bytes)
2: IP/Data
3: IP/Data (1444bytes = ip header 20bytes + payload 1424bytes)
4: IP/UDP/SIP

My guess is that 1's structure is the same as 3's (and 2's is the same as 4's), but 1's header structure isn't the same as 3's (and 2's isn't the same as 4's). Why does Wireshark show it like the above?

asked 20 Jan '14, 07:25 Ray_Han007
edited 20 Jan '14, 07:28
One Answer:
That happens because your Wireshark is doing IPv4 datagram reassembly, which means that it gathers all datagrams and displays them in a reassembled order. To see the "real" packets you can turn that feature off. Go to Edit -> Preferences -> Protocols -> IPv4 and deselect "Reassemble fragmented IPv4 datagrams" (or something similar; these captions change sometimes depending on your version of Wireshark).

answered 20 Jan '14, 08:48 Jasper ♦♦
edited 21 Jan '14, 01:35

Hi Jasper, thanks for your comments. It's a great help in understanding my question, and I hope you have a good day!! Thanks (20 Jan '14, 18:21) Ray_Han007
Just to answer that side question on how to upload a packet capture, one easy way to do that is cloudshark: http://cloudshark.org/
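The reassembly behaviour described in the answer above, as an added example that is not part of the original thread: it fragments a constructed UDP datagram sized like the one in the question, then labels each packet the way a dissector would with IPv4 reassembly off and on. The addresses, ports, IP ID, filler payload and the `IP/UDP` / `IP/Data` labels are assumptions made for illustration, and overlapping fragments are not handled.

```python
import struct

def ipv4_header(ident, flags_off, data_len):
    # Constructed 20-byte header: proto 17 (UDP), checksum 0, documentation addresses.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, ident, flags_off,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))

def fragment(datagram, ident, mtu=1500):
    step = (mtu - 20) // 8 * 8          # fragment data must be a multiple of 8 bytes
    frags = []
    for off in range(0, len(datagram), step):
        chunk = datagram[off:off + step]
        mf = 0x2000 if off + step < len(datagram) else 0   # More Fragments flag
        frags.append(ipv4_header(ident, mf | off // 8, len(chunk)) + chunk)
    return frags

def parse(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    total, ident, fo = struct.unpack("!HHH", pkt[2:8])
    return {"id": ident, "mf": bool(fo & 0x2000),
            "offset": (fo & 0x1FFF) * 8, "data": pkt[ihl:total]}

def joined(parts):
    # Payload once offsets 0..end are covered without holes and the last has MF=0.
    pos, out = 0, b""
    while pos in parts and parts[pos]["data"]:
        out += parts[pos]["data"]
        if not parts[pos]["mf"]:
            return out
        pos += len(parts[pos]["data"])
    return None

def layers(pkts, reassemble):
    labels, pending = [], {}
    for p in map(parse, pkts):
        if reassemble:   # upper layer shown only where the datagram completes
            parts = pending.setdefault(p["id"], {})
            parts[p["offset"]] = p
            labels.append("IP/UDP" if joined(parts) is not None else "IP/Data")
        else:            # upper layer shown only where its header physically sits
            labels.append("IP/UDP" if p["offset"] == 0 else "IP/Data")
    return labels

# Constructed sample sized like the question: 8-byte UDP header + 2896 filler bytes.
UDP = struct.pack("!HHHH", 5060, 5060, 2904, 0) + b"A" * 2896
FRAGS = fragment(UDP, ident=0x1234)

if __name__ == "__main__":
    print([len(f) for f in FRAGS], layers(FRAGS, False), layers(FRAGS, True))
```

With reassembly off the UDP header appears on the offset-0 fragment; with it on, the upper-layer dissection moves to the packet that completes the datagram, which is the swap the question observed.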