This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCP segment of a reassembled PDU ?

0	What does it mean? TCP segment of a reassembled PDU pdu tcp asked 17 Dec '16, 07:37 luna 11●3●3●6 accept rate: 0%

One Answer:

It means that

Wireshark/TShark thinks it knows what protocol is running atop TCP in that TCP segment;
that TCP segment doesn't contain all of a "protocol data unit" (PDU) for that higher-level protocol, i.e. a packet or protocol message for that higher-level protocol, and doesn't contain the last part of that PDU, so it's trying to reassemble the multiple TCP segments containing that higher-level PDU.

For example, an HTTP response with a lot of data in it won't fit in a single TCP segment on most networks, so it'll be split over multiple TCP segments; all but the last TCP segment will be marked as "TCP segment of a reassembled PDU".

answered 17 Dec '16, 13:53

Guy Harris ♦♦
17.4k●3●35●196
accept rate: 19%