Hello everybody,
I implemented a dissector plugin for a special protokoll used in my Company, I Use tcp_dissect_pdus to reassemble the tcp Pakcets. Everthyng is working fine when Sending Data from CLient to Server, all Protokollitems shown well in the Wireshark tree. But on the response form Server the lenght detection fails because tvb is 4 Byte Bigger then the TCP offset.
For exapmle The TCP Data Segement ist 36 Byte( Shown Correct in Wireshark Window ) But tvb has length of 40 BYTE im Reading the Lenth of A Message at Position 6, so now there comes a very big number because im now 4 Byte erlier then realy wanted.
Any Idea? did I Something wrong?
My Code looks like this:
static guint get_qcom_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
//Len of 1. Object
guint nLen1 = (guint)tvb_get_letohl( tvb, offset+ 6 );
//Len of 2. Object
guint nLen2 = (guint)tvb_get_letohl( tvb, offset+ 10 );
return nLen1 + nLen2 +15; //Length of both Objects + header
}
Kind Regards
Michael Biener
--
GRATIS! Movie-FLAT mit über 300 Videos.
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome