Assembled Wiresharks (pun intended),
I have drawn together a protocol dissector in Lua in under a day, and
much have I been impressed with it.
TCP reassembly is proving tricky though. The Wiki page tells me that I
may return a negative number from my_whizzo_proto.dissector() to
instruct Wireshark to retrieve that (positive) number of bytes from
the TCP stream and call the dissector again, but this doesn't bear out
in practice.
Can anyone point me at a working example?
I'm using Wireshark Version 1.0.4 (SVN Rev 26501) on Win2K.
Many many Thanks,
Martin