Wireshark-dev: Re: [Wireshark-dev] Packet reassembling

From: Gerhard Gappmeier <gerhard.gappmeier@xxxxxxxxxxx>
Date: Wed, 12 Jul 2006 10:27:02 +0200
Thanks Ronnie,

tcp_dissect_pdus() is perfect and saved me a lot of time.

I used the implementation of gryphon to see how it works.
It would be a good idea to mention that in the developer-guide.

Best regards

Gerhard Gappmeier
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc


ronnie sahlberg wrote:
create a conversation for each tcp session to track the packets.

or use tcp_dissect_pdus() which will do that for you.


On 7/11/06, Gerhard Gappmeier <gerhard.gappmeier@xxxxxxxxxxx> wrote:
Hello

I have read the chapter about packet reassembling.
It's clear except for one point.

If a server has multiple TCP connections to different clients,
the captured packets can be mixed up from different messages.
How is this kept in mind?
Is this tracked automagically by "fragment_add_seq_check" with the
contents of the "packet_info" structure,
or is the example in the docs not taking this into account?
Is one instance of the "msg_fragment_table" and "msg_reassembled_table"
enough for multiple connections?
Or do I need one for each connection?

I see at least a problem with the sequence numbers.
At least my protocol has no sequence number for different chunks,
so I have to do something like "connection[i].seq_number++" for each
connection.
Are there any recommendations?

--
Best regards

*Gerhard Gappmeier*
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc
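
The per-connection tracking discussed in this thread, as an added example that is not part of the original messages and is not Wireshark code: a self-contained C program that keeps one reassembly buffer per conversation, so interleaved segments from different clients never mix, and that bounds the attacker-controlled length field. Assumptions: a 2-byte big-endian length header, the fixed table and buffer sizes, and the hypothetical names `feed_segment` and `pdus_for`.

```c
#include <stdint.h>
#include <string.h>

#define MAX_CONV 8
#define BUF_SZ   256
#define HDR_LEN  2   /* assumed framing: 2-byte big-endian body length */

/* Per-conversation reassembly state, keyed by client address and port
 * (the server side of the 4-tuple is taken as fixed in this example). */
struct conv {
    uint32_t addr; uint16_t port; int used;
    uint8_t  buf[BUF_SZ]; size_t len;    /* bytes not yet consumed */
    unsigned pdus;                       /* complete PDUs seen so far */
};
static struct conv table[MAX_CONV];

static struct conv *find_or_create(uint32_t addr, uint16_t port) {
    struct conv *free_slot = NULL;
    for (int i = 0; i < MAX_CONV; i++) {
        if (table[i].used && table[i].addr == addr && table[i].port == port)
            return &table[i];
        if (!table[i].used && !free_slot) free_slot = &table[i];
    }
    if (free_slot) {
        memset(free_slot, 0, sizeof *free_slot);
        free_slot->addr = addr; free_slot->port = port; free_slot->used = 1;
    }
    return free_slot;
}

/* Feed one captured TCP segment. Returns the number of PDUs completed by
 * this segment, or -1 if state cannot be kept (table full, buffer full,
 * or a declared length that can never fit). */
int feed_segment(uint32_t addr, uint16_t port, const uint8_t *data, size_t n) {
    struct conv *c = find_or_create(addr, port);
    if (!c || n > BUF_SZ - c->len) return -1;     /* bound untrusted input */
    memcpy(c->buf + c->len, data, n);
    c->len += n;
    int done = 0;
    while (c->len >= HDR_LEN) {
        size_t pdu = HDR_LEN + (((size_t)c->buf[0] << 8) | c->buf[1]);
        if (pdu > BUF_SZ) { c->len = 0; return -1; } /* oversized length field */
        if (c->len < pdu) break;                   /* wait for more segments */
        memmove(c->buf, c->buf + pdu, c->len - pdu);
        c->len -= pdu; c->pdus++; done++;
    }
    return done;
}

/* Number of complete PDUs seen on one conversation. */
unsigned pdus_for(uint32_t addr, uint16_t port) {
    struct conv *c = find_or_create(addr, port);
    return c ? c->pdus : 0;
}
```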