7.8. Packet Reassembly

To flag this situation to the user, Wireshark marks each of those packets with "TCP segment of a reassembled PDU", where "segment" is the TCP terminology for a chunk of payload, prepended with the matching TCP header. (In practice this is synonymous with "packet", although technically it is a distinct entity. For example, it is possible for a large TCP segment to get fragmented into multiple IP packets, although TCP tries hard to avoid this.) tcp segment of a reassembled PDU 0 In the captured packets (by wireshark),there are a lot of tcp segment of a reassembled PDU.the packet have data,but if i want export the packet out in a text file, in the text file i can not see the data? When downloading a big file from the server, initially the info in the list column of wireshark sound reasonable. However, as the downloading process ends (using totally about 60 secs), the time stamp in wireshark console just passed 30 secs. And in the next 60-30=30 secs, only "TCP segment of a reassembled PDU" is shown in the list column, while the detail info of each these packets are still reasonable. One Answer: that TCP segment doesn't contain all of a "protocol data unit" (PDU) for that higher-level protocol, i.e. a packet or protocol message for that higher-level protocol, and doesn't contain the last part of that PDU, so it's trying to reassemble the multiple TCP segments containing that higher-level PDU. The " TCP SEGMENT OR A REASSEMBLED PDU" message, At what layer is this message referring to? Is this message referring to LAYER 3 ( reconstructing an IP Packet) or Layer 4 (reconstructing a TCP segment)? J. TCP segment of a reassembled PDU. 上周在公司里遇到一个问题,用wireshark抓系统给网管上报的数据发现里面有好多报文被标识为“TCP segment of a reassembled PDU”,并且每一段报文都是180Byte,当时看到这样的标识,觉得是IP报文分片,以为系统的接口MTU值为设置小了,通过命令查询发现是 1500,没有被重设过,当时有点想不通。. 回来查了一下,发现自己的理解是错的,“TCP segment of a

5 0.248376 93.184.216.34 192.168.10.7 TCP 1514 80 → 53451 [PSH, ACK] Seq=1 Ack=76 Win=144896 Len=1448 TSval=467756515 TSecr=635755360 [TCP segment of a reassembled PDU] Transmission Control Protocol, Src Port: 80, Dst Port: 53451, Seq: 1, Ack: 76, Len: 1448 Source Port: 80 Destination Port: 53451 [Stream index: 0] [TCP Segment Len: 1448

2051 86.674013000 192.168.1.103 192.168.1.100 TCP 249 [TCP segment o f a reassembled PDU] Frame 2051: 249 bytes on wire (1992 bits), 249 bytes captured (1992 bits) on interface 0 Interface id: 0 Encapsulation type: Ethernet (1) Arrival Time: Nov 5, 2013 15:03:46.089111000 Central Standard Time Number of TCP segments for HTTP response - Wireshark This extra TCP segment is the "HTTP 200 OK" response. Do we have to count this packet as well? If you mean "do I have to count more than the segments whose Info column just says "[TCP segment of reassembled PDU]", the answer is "yes" - when the last segment is seen, the HTTP request or response is dissected, and information about that request TCP Segmentation - InetDaemon's IT Tutorials

netsh interface tcp set global autotuning=disabled Re-run your test, and see if you notice a performance improvement. I've had to do this on a couple of laptops running Windows 7 in my house, and it's helped. If things get worse, or you don't notice any improvement, you can re-enable autotuning by: netsh interface tcp set global autotuning=normal

Aug 10, 2007 Transmission Control Protocol - Wikipedia