Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNGREP not capturing Fragmented packets #499

Open
sajai20 opened this issue Oct 15, 2024 · 3 comments
Open

SNGREP not capturing Fragmented packets #499

sajai20 opened this issue Oct 15, 2024 · 3 comments

Comments

@sajai20
Copy link

sajai20 commented Oct 15, 2024

Hi kaian

As we could observe SNGREP is not capturing fragemented packets
image
image

Frame 9 and Frame 10 are fragmented packets but in frame 9 we could see no UDP or TCP layer. sngrep has no knowledge about port's when frame 9 is received so when frame 10 receives SNGREP couldn't prepand frame 9 to frame 10. How to overcome this issue.
@Kaian
Copy link
Member

Kaian commented Oct 16, 2024

Hi!

Can this reproduced while reading from a PCAP file? Could yo provide a PCAP file to debug this fragmentation issue?

Thanks in advance!

@sajai20
Copy link
Author

sajai20 commented Nov 5, 2024

Hi kaian i have attached you the pcap file
full_tcpdump_file.zip

@Kaian
Copy link
Member

Kaian commented Nov 5, 2024

Hi @sajai20

Thanks a lot for the testing PCAP!!

Without debugging the packets, the flow seems identical from wireshark and sngrep 1.8.2

image
image

What is the missing fragmented packet sngrep has not captured?

Best regards!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Kaian @sajai20