Missing packets/TCP retransmits in application protocol dissector

asked 2018-08-18 04:01:51 +0000

snappas

updated 2018-08-18 04:02:56 +0000

I am using the tcp_dissect_pdus method to dissect my application protocol; however, my capture contains [TCP Previous segment not captured] entries, where the TCP Sequence significantly increments, which appears to break my dissector. If I manually ignore the out-of-sequence packets that result in Duplicate Ack #, it continues to dissect the TCP Retransmit packets with the in-order sequence counter properly.

I was hoping tcp_dissect_pdus would dissect TCP sequences in order. Do I need to implement this behavior in custom code? If so, is there an example I can refer to?

