> My question is: Is it possible to hardcode this 500 byte limit to something
> slightly larger ?
No, because there *is* no such hardcoded limit to raise.
If you're getting no TCP messages larger than 500 bytes, it's not
because any piece of Ethereal imposes such a limit. After you remove
the 14-byte Ethernet header, the 20-byte minimum IP header, and the
20-byte minimum TCP header from a 1514-byte Ethernet packet, you get
1460 bytes of TCP payload - and I have captures where Ethereal does, in
fact, see 1460 bytes of TCP payload.
Ethereal 0.8.19 will not reassemble higher-level PDUs that cross TCP
segment boundaries, so if an SCCP message crosses a TCP segment boundary
(whether it's bigger than a TCP segment or not; higher-level PDUs can
cross TCP segment boundaries even if they'd fit in a maximum-size TCP
segment) you will only see part of it.
The current version of Ethereal in CVS, however, does include code that
allows a dissector for a protocol running atop TCP to request
reassembly of higher-level PDUs, as long as
1) the length of the PDU is specified at the beginning of the
PDU
and
2) the field or fields specifying the length aren't themselves
split across TCP segments.
See, for example, the NetBIOS Session Service dissector (in
"packet-nbns.c", for historical reasons), the ONC RPC-over-TCP dissector
(in "packet-rpc.c"), and the DNS dissector (in "packet-dns.c").
> If I could for example raise it to 750, then I would get
> all sccp messages unfragmented, and they would display nicely.
> Or is this limited by the MTU size or something like that ?
It may be limited by the MTU. There's no hard-coded 500-byte limit in
Ethereal.