This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why TCP reassembly not successful?

0

The trace with problem can be downloaded from the link below.

https://www.dropbox.com/s/rk8il8u6z73t57d/TLS.pcap?dl=0

First, decode it as SSL.

And Frame#7 is supposed to be reassembled with Frame#6. However, Frame#7 only shows "TCP segment of a reassembled PDU".

Is it the issue with those two frames? Thanks.

asked 22 Jul '15, 02:26

radhk's gravatar image

radhk
11115
accept rate: 0%

edited 22 Jul '15, 02:29


One Answer:

2

What are the TCP Protocol Preference Allow subdissector to reassemble TCP streams or the SSL Preference Reassemble SSL records spanning multiple TCP segments settings? With those enabled, it reassembles for me (1.99.8).

Edit:

Also need to disable the TCP Preference Do not call subdissectors for error packets. The frames after #7 all have TCP errors and passing them into the SSL dissector breaks it.

answered 22 Jul '15, 03:06

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

edited 22 Jul '15, 03:42

Grahamb, thanks for your reply. All those options have been enabled. The reassembly works with other traces but not this one. Thanks.

(22 Jul '15, 03:15) radhk

What version of Wireshark, and what OS?

(22 Jul '15, 03:30) grahamb ♦

See the edit to my answer.

(22 Jul '15, 03:37) grahamb ♦

Grahamb, great. Now, it works after enabling, "Do not call subdissectors for error packets".

(22 Jul '15, 05:51) radhk

@radhk

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(22 Jul '15, 06:08) grahamb ♦