Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2022-04-10 17:11:45 +0000

Sanqui gravatar image

Reassembly of out-of-order TCP segments fails

I'm having some trouble with TCP reassembly. Even with the "Reassemble out-of-order segments" option checked, it seems like Wireshark is not able to reassemble a TLS stream after a "Previous segment not captured" and "Retransmission" event. In this case, no packet is dropped, there are just four packets out of order.

Screenshot: https://sanqui.net/etc/wireshark_tcp_retransmission.png

Note how the selected packet specifies "Next Sequence Number: 1156692", which appear two packets down. But Wireshark (incorrectly?) labels it as a retransmission and loses ability to follow the HTTP2 stream.

Please let me know if a capture would be of help, I may be able to share it privately or produce one without sensitive data.

Reassembly of out-of-order TCP segments fails

I'm having some trouble with TCP reassembly. Even with the "Reassemble out-of-order segments" option checked, it seems like Wireshark is not able to reassemble a TLS stream after a "Previous segment not captured" and "Retransmission" event. In this case, no packet is dropped, there are just four some packets out of order.

Screenshot: https://sanqui.net/etc/wireshark_tcp_retransmission.png

Note how the selected packet specifies "Next Sequence Number: 1156692", which appear two packets down. But Wireshark (incorrectly?) labels it as a retransmission and loses ability to follow the HTTP2 stream.

Please let me know if a capture would be of help, I may be able to share it privately or produce one without sensitive data.

Reassembly of out-of-order TCP segments fails

I'm having some trouble with TCP reassembly. Even with the "Reassemble out-of-order segments" option checked, it seems like Wireshark is not able to reassemble a TLS stream after a "Previous segment not captured" and "Retransmission" event. In this case, no packet is dropped, there are just some packets out of order.

Screenshot: https://sanqui.net/etc/wireshark_tcp_retransmission.png

Note how the selected packet specifies "Next Sequence Number: 1156692", which appear two packets down. But Wireshark (incorrectly?) labels it as a retransmission and loses ability to follow the HTTP2 stream.

Please let me know if a capture would be of help, I may be able to share it privately or produce one without sensitive data.

EDIT: I'm using Wireshark 3.6.2 (Git commit 626020d9b3c3)

Reassembly of out-of-order TCP segments fails

I'm having some trouble with TCP reassembly. Even with the "Reassemble out-of-order segments" option checked, it seems like Wireshark is not able to reassemble a TLS stream after a "Previous segment not captured" and "Retransmission" event. In this case, no packet is dropped, there are just some packets out of order.

Screenshot: https://sanqui.net/etc/wireshark_tcp_retransmission.png

Note how the selected packet specifies "Next Sequence Number: 1156692", which appear two packets down. But Wireshark (incorrectly?) labels it as a retransmission and loses ability to follow the HTTP2 stream.

Please let me know if a capture would be of help, I may be able to share it privately or produce one without sensitive data.

EDIT: I'm using Wireshark 3.6.2 (Git commit 626020d9b3c3)626020d9b3c3). I compiled git head and confirm the problem also occurs in Version 3.7.0 (4d9470e7dd9d).

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2