Wireshark · Wireshark-dev: Re: [Wireshark-dev] problems with fragmented reassembly on tcp

Wireshark-dev: Re: [Wireshark-dev] problems with fragmented reassembly on tcp

From: Still Life <still.life@xxxxxxxx>

Date: Thu, 05 Oct 2006 09:40:22 +0200

Kristof Provost wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

I suspect it will be easier if you use the tcp_dissect_pdus() function.
If you can determine the message length without reading the entire
message (you can) that's the recommended approach.


I can determine the *message* length only when i have already
the complete header.
Immagine if I capture a multiple message packet and immagine
it is fragmented in a point after the end of the ultimate
complete message and before the mesageLenght field of the
broken message:

             |<-----------------myMsg------------------->|
...|---------+------- -+----+------------+--------+--||---+
...|tcpHeader|5555555 5|0000|mesageLenght|messgeId|details|
...|---------+------- -+----+------------+--------+--||---+
                     ^Fragmentation

I can't understand how much byte I have to take to complete the PDU.

Follow-Ups:
- Re: [Wireshark-dev] problems with fragmented reassembly on tcp
  - From: Anders Broman (AL/EAB)

References:
- [Wireshark-dev] wide changes to the H248 dissector please test
  - From: LEGO
- [Wireshark-dev] problems with fragmented reassembly on tcp
  - From: Still Life
- Re: [Wireshark-dev] problems with fragmented reassembly on tcp
  - From: Kristof Provost

Prev by Date: Re: [Wireshark-dev] problems with fragmented reassembly on tcp
Next by Date: Re: [Wireshark-dev] problems with fragmented reassembly on tcp
Previous by thread: Re: [Wireshark-dev] problems with fragmented reassembly on tcp
Next by thread: Re: [Wireshark-dev] problems with fragmented reassembly on tcp
Index(es):
- Date
- Thread