 | 1 | initial version |
The likely origin of most of these is the fact that it is not always possible to correctly identify protocols from the packets alone. Sometime heuristics need to be applied to make an educated guess about what protocol the packet is from. Then when such choice is make it can turn out further down the packet dissection that an error is observed. Is it, or was the initial assumption about the protocol wrong? We try to create these heuristics as strong as possible, but sometimes there's just very little to work with. Other errors may come from packets that were missed/dropped, hence complicate further dissection of related packets. With such long term captures, your chance of running into scenarios like this are more likely.
