Though after verifying it I found reassembled TCP segments are the same as Hypertext Transfer Protocol + Line-based text data,but does wireshark count them twice?
Watching http in wireshark,what's the relation between reassembled TCP vs. Hypertext Transfer Protocol + Line-based text data?
5.1k views Asked by mysql_go At
1
TCP provides the illusion of a continuous stream of data, but it's actually multiple packets over the wire. A higher-level "protocol data unit" (PDU), such as an HTTP request or response, can be divided into multiple packets along arbitrary boundaries by the underlying TCP.
Wireshark reassembles PDUs that have been split up into multiple packets, so that they can be displayed meaningfully. That HTTP response you see is being displayed in the details pane of a single packet, but it actually represents the combined contents of several packets. The "Reassembled TCP Segments" section links to the other packets that contributed to this complete HTTP message, and if you follow those links, you'll probably find that the earlier packets are labeled "TCP segment of a reassembled PDU".