On Fri, Jan 26, 2024, 4:27 AM Linux Smiths <linuxsmi...@gmail.com> wrote:
> > Can someone confirm this or if anyone has used wireshark/tshark to decode > RPC streams greater than 4GB your confirmation will be helpful too. Btw > I've tried all the protocol preferences and nothing helps. > > Thanks, > LS > > It's a known issue, sorry, that affects anything over TCP that needs desegmentation. That's when the TCP sequence number rolls over. See here: https://gitlab.com/wireshark/wireshark/-/issues/10503 https://gitlab.com/wireshark/wireshark/-/issues/19331 Fixing it involves having some kind of extended sequence number and changing certain lookups for old segments. Unlike an ordinary network stack, Wireshark (and and also tshark, even in one pass mode) can't just discard old segments but keeps information around so that random packet access is possible. John Thacker
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
