Problems reassembling TCP packets

[maltris]

Hello dear community,

I have noticed problems with heplify when reassembling TCP packets, for example with Skype for Business or Lync traffic. Somehow the contents get scrambled in a strange way. Today I tried the same with captagent, which worked perfectly fine.

Somehow the packets dont get reassembled in the right way which leads to strange conversations like

Here is the call flow with heplify (wrong):

And from captagent (right):

Im no expert in this specific topic, so if my assumptions are wrong, please point that out. I am willing to provide any information that is beneficial to solve this, since from an operative side I prefer heplify over the other agent.

Thanks in advance

[lmangani]

Thanks for the report. First of all we need to know what type of socket was used in heplify (socket_pcap or af_socket) if the tcpassembly flag was enabled in heplify at the time of testing. If that was the case, then we need a anonymized example of the signaling and/or at the very least the packet size - we can't work much with images.

[maltris]

The tcpassembly setting was enabled. I will try to collect a sample, but it can be tricky, because as you said, I must anonymize it. I will come back at you once I collected the required data.

[kYroL01]

Hi @maltris heplify also have the option -sipassembly. Sometimes, the problem is on the application layer after the TCP defragmentation.
I suggest you add this option to see if your messages will be split correctly.