Wireshark · Wireshark-dev: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets

Wireshark-dev: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Thu, 5 May 2011 12:26:06 -0700

On May 5, 2011, at 8:59 AM, Fernandez, Rafael wrote:

> guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
> {
>        guint remaining  = tvb_length_remaining(tvb, offset);
>        guint last_size = tvb_get_letohl(tvb, offset)+MESSAGE_HEADER_SIZE;

So, in your protocol:

	all messages start with a fixed-length header MESSAGE_HEADER_SIZE bytes long, and may have zero or more bytes after that header;

	the first 4 bytes of a message (i.e., the first 4 bytes of the header) are a little-endian value that is the length of the part of the message after the fixed-length header?

Follow-Ups:
- Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets
  - From: Fernandez, Rafael

References:
- [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets
  - From: Fernandez, Rafael
- Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets
  - From: Chris Maynard
- Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets
  - From: Fernandez, Rafael

Prev by Date: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets
Next by Date: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets
Previous by thread: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets
Next by thread: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets
Index(es):
- Date
- Thread