Ethereal: RE: [Ethereal-dev] Dissecting a conversation.

Ethereal-dev: May 2003

Subject: RE: [Ethereal-dev] Dissecting a conversation.
From: nak26 <nak26@xxxxxxxxxx>
Date: Thu, 08 May 2003 15:42:01 -0400

>>That is avoid managing the reassembly of the TCP segments.

Managing the reassembly of TCP segments is not that daunting of a task.

Just follow Guy Harris's instructions:
--------------------------------------
Use the "tcp_dissect_pdus()"
routine, which takes, as arguments:

the tvbuff for the TCP segment being dissected;

the pinfo value for the packet;

the protocol tree pointer for the packet;

a Boolean value that's TRUE if packets split between TCP
segments should be reassembled and FALSE if they shouldn't be
reassembled (this is typically a user-configurable preference
variable);

the number of bytes of header needed in order to get the data
that tells you how big the message is;

a pointer to a routine that's handed a tvbuff pointer and an
offset in that tvbuff, where the offset is the offset of the
beginning of a header, and returns the total size of the packet
based on the data in the header (total size *including* the
header!);

a pointer to a routine to dissect a single message for your
protocol, which gets handed the usual arguments for a dissector
function - the tvbuff starts at the beginning of the message.

See, for example, "packet-dns.c".

**************************
Nik Kolev
Drexel University
Major: Computer Science
nak26@xxxxxxxxxx
**************************

Prev by Date: Re: [Ethereal-dev] [dcerpc] Encrypted stub data
Next by Date: Re: [Ethereal-dev] help with broken-up messages running atop TCP?
Previous by thread: Re: [Ethereal-dev] Dissecting a conversation.
Next by thread: Re: [Ethereal-dev] What does the "maxlength" argument to "tvb_get_nstringz*" mean?
Index(es):
- Date
- Thread