[Nfd-dev] ndn dissector and TCP segments

Junxiao Shi shijunxiao at email.arizona.edu
Mon Jan 28 10:27:11 PST 2019


Hi John

Frame 45 is a Nack packet. The dissector from git master branch can decode
it correctly. You probably have an older version. Even if you have
installed the latest version, your Wireshark could be loading an older
version elsewhere in the filesystem. It's also possible that your Wireshark
version is too old or too new for the dissector. I'm using Wireshark v2.6.3.
[image: Capture.PNG]

> Wireshark is capable of reconstructing split packets of TCP streams
> (regardless the actual packet order) and our dissector simply works on top
> of that... I did basic tests in the past, but not too extensive ones.
>

It seems that ndn.lua does not use Wireshark's TCP reconstruction
functionality. It tries to interpret each TCP segment individually. Any NDN
packet crossing a TCP segment boundary cannot be decoded correctly. In a
subsequent TCP segment, ndn.lua can find where the packet starts by trying
different offsets in the findNdnPacket function
<https://github.com/named-data/ndn-tools/blob/7664b12f2ae20fbfbffdb763a2de3ead6cea8631/tools/dissect-wireshark/ndn.lua#L370-L381>.

Frame 1267 has two Data packets, and four leftover bytes 06fd03c0 at the
end. These four bytes indicate that the next 960 bytes should be a Data
packet.
Frame 1268 TCP payload starts with 075e080577. ndn.lua discards 07e508, and
interprets 0577 as the start of an Interest. Since this isn't actually an
Interest, the dissector fails to decode the sub elements such as Name, so
it displays as just "Interest".

Following TCP stream is a useful feature. It's now tracked as
https://redmine.named-data.net/issues/4820

Yours, Junxiao

On Mon, Jan 28, 2019 at 11:59 AM Dehart, John <jdd at wustl.edu> wrote:

> Here is a link to a snippet from the pcap file that is giving me problems.
>
> https://www.arl.wustl.edu/~jdd/tcpdump.2000.pkts.pcap
>
> If I run this through wireshark with the ndn-dissector from ndn-tools
> version 0.6.2-ppa1~xenial (version on the NDN Testbed),
> I get Lua Errors for several packets, for example Frame # 45.
>
> Also, I thought wireshark used to display the NDN names in the Info field,
> but it is not doing this now.
>
> Full disclosure: This pcap file was generated on ONL where we are still
> running NFD 0.6.1.
> And for various reasons we have to continue running that version for a
> while longer.
> I have tried processing it with wireshark there as well and have different
> problems.
> For example, frames 1268, 1270 and 1271 are not processed properly.
> Any help is appreciated.
>
> Thanks,
> John
>
>
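
Added example, not part of the original message and not code from ndn.lua: a Python sketch of the framing problem described above, comparing per-segment parsing with parsing that carries leftover bytes into the next TCP segment. The segment contents are constructed around the byte values quoted in the message; the names StreamFramer and per_segment and the 8800-byte cap are assumptions of this example.

```python
# Added example with constructed data: NDN TLV framing over a TCP byte stream.
DATA = 0x06
MAX_PACKET = 8800  # assumed cap, so a bogus TLV-LENGTH cannot make the buffer grow forever

def read_var_number(buf, pos):
    """Decode a TLV VAR-NUMBER at pos; return (value, next_pos), or None if truncated."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    end = pos + 1 + {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    if end > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:end], "big"), end

def parse_complete(buf):
    """Return ([(type, length), ...], consumed) for the whole TLVs at the front of buf."""
    packets, pos = [], 0
    while True:
        t = read_var_number(buf, pos)
        l = read_var_number(buf, t[1]) if t else None
        if l is None:
            return packets, pos          # header incomplete: wait for more bytes
        if l[0] > MAX_PACKET:
            raise ValueError("TLV-LENGTH over cap: mis-framed or hostile stream")
        if l[1] + l[0] > len(buf):
            return packets, pos          # value incomplete: wait for more bytes
        packets.append((t[0], l[0]))
        pos = l[1] + l[0]

class StreamFramer:
    """Parses a TCP byte stream, keeping leftover bytes between segments."""
    def __init__(self):
        self.pending = b""

    def feed(self, segment):
        self.pending += segment
        packets, consumed = parse_complete(self.pending)
        self.pending = self.pending[consumed:]
        return packets

def per_segment(segment):
    """Parses one TCP segment in isolation, as if a packet started at byte 0."""
    return parse_complete(segment)[0]

# Constructed segments: two small Data TLVs plus the 4-byte header 06fd03c0,
# then the 960-byte value, which begins 075e080577 as in the message.
SEG1 = bytes.fromhex("0602aabb" "0602aabb" "06fd03c0")
SEG2 = bytes.fromhex("075e080577") + bytes(955)
```

Fed in order, StreamFramer yields the 960-byte Data packet from the second segment, while per_segment reads the same bytes as a type 0x07 element followed by garbage.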
