I have compiled wireshark in my SLES-11-SP1 server and trying to use MATE plugin filters. When I export displayed packets after applying filter, it does not save all fragments to assist with re-assembly when I open the filtered trace. Due to this some packets are missing in the final exported trace
I also have an environment where I have same version of wireshark running on Ubuntu 18.04. If I use same MATE configuration file and export displayed packets, I can see all relevant fragments are getting saved and re-assembly is possible in the filtered trace.
The issue happens for SCTP fragmented packets. Diameter application is running on top of SCTP
I know there are differences in dependencies/libraries between SuSE 11 & Ubuntu 18.04 platforms. Would like to get some ideas where to look for for this specific issue. Can these OS's handle fragments differently ?
Thanking you all in anticipation