---- Guy Harris <guy@xxxxxxxxxxxx> wrote:
> So if there are 250 bytes of BNP data (including:
>   msg id;
>   information element;
>   em id;
>   IE cluster;
>   IE count;
>   IE data;
>   more IEs)
> then the count field would have a value of 250 - and the entire
> message would be 253 bytes long, with a 3-byte BNP header and 250
> bytes of BNP data?
No, sorry, any count (BNP or IE count) is only the data. So if a BNP message was actually 10 bytes long, the count would be 7.
Also, I've gotten my dissector to work if I don't use Wireshark reassembly; instead I would send it to my DLL, which would append a buffer and then return the whole buffer at the end of a multi message for dissection. However, as I have just figured out upon getting it to work, I have to select the start packet of a multi message first, then work my way down clicking on the individual packets, or it won't output correctly. So I do indeed need to figure out how to get Wireshark to reassemble instead of just trying to bypass it.
Thanks,
Greg
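The click-order dependence described in the message above, shown as an added example that is not code from this thread or from Wireshark: a single append buffer gives wrong output when a packet is re-dissected out of order, while state built once on the first sequential pass and keyed by frame number does not. The packet tuple layout, the start/end flags and the sample capture are assumptions made for the illustration; the `visited` set stands in for Wireshark's per-frame visited flag.

```python
# Constructed model: each packet is (frame_no, is_start, is_end, payload).
# The start/end flags are assumed for illustration; the real BNP layout is not shown in the thread.
CAPTURE = [  # constructed sample capture, not real BNP traffic
    (1, True, False, b"AAA"),
    (2, False, False, b"BBB"),
    (3, False, True, b"CCC"),
    (4, True, True, b"solo"),
]

class AppendBuffer:
    """Order-dependent: one shared buffer, appended to on every dissection call."""
    def __init__(self):
        self.buf = b""

    def dissect(self, pkt):
        _, is_start, is_end, payload = pkt
        if is_start:
            self.buf = b""
        self.buf += payload
        return self.buf if is_end else None

class FirstPassTable:
    """Order-independent: state changes only on the first visit of each frame;
    later visits (user clicks) are pure lookups by frame number."""
    def __init__(self):
        self.visited = set()   # frames already seen on the first pass
        self.pending = []      # fragments of the message being built
        self.complete = {}     # frame_no of final fragment -> whole message

    def dissect(self, pkt):
        frame_no, is_start, is_end, payload = pkt
        if frame_no not in self.visited:
            self.visited.add(frame_no)
            if is_start:
                self.pending = []
            self.pending.append(payload)
            if is_end:
                self.complete[frame_no] = b"".join(self.pending)
                self.pending = []
        return self.complete.get(frame_no)

def run(dissector, order):
    """Dissect frames in the given order (first pass, then simulated clicks)."""
    by_no = {p[0]: p for p in CAPTURE}
    return [dissector.dissect(by_no[n]) for n in order]
```

Calling `run(AppendBuffer(), [1, 2, 3, 4, 3])` simulates loading the capture and then clicking frame 3 directly; the last result is contaminated by frame 4, whereas `FirstPassTable` returns the same reassembled message for frame 3 on every visit.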