sngrep icon indicating copy to clipboard operation
sngrep copied to clipboard
verified publisher icon irontec

SNGREP not capturing Fragmented packets

Open sajai20 opened this issue 1 year ago • 3 comments

Hi kaian

As we could observe SNGREP is not capturing fragemented packets image image

Frame 9 and Frame 10 are fragmented packets but in frame 9 we could see no UDP or TCP layer. sngrep has no knowledge about port's when frame 9 is received so when frame 10 receives SNGREP couldn't prepand frame 9 to frame 10. How to overcome this issue.

sajai20 avatar Oct 15 '24 12:10 sajai20

Hi!

Can this reproduced while reading from a PCAP file? Could yo provide a PCAP file to debug this fragmentation issue?

Thanks in advance!

Kaian avatar Oct 16 '24 11:10 Kaian

Hi kaian i have attached you the pcap file full_tcpdump_file.zip

sajai20 avatar Nov 05 '24 06:11 sajai20

Hi @sajai20

Thanks a lot for the testing PCAP!!

Without debugging the packets, the flow seems identical from wireshark and sngrep 1.8.2

image image

What is the missing fragmented packet sngrep has not captured?

Best regards!!

Kaian avatar Nov 05 '24 10:11 Kaian