On Fri, Sep 24, 2010 at 05:33:25PM -0700, Scott Mueller wrote:
> Thank you for your response. I'm working with a multi-layered protocol
> that relies on TCP/IP, and in some cases the contiguous payload that I
> need to work with is spread out across several well-formed messages.
Have you looked at the reassembly information in README.developer,
specifically section 2.7.2, "Modifying the pinfo struct" ? That may do
the job for you, especially if the messages span multiple TCP segments.
The preceding section about using tcp_dissect_pdus could work too, but
it's geared toward simple TCP reassembly.