Ethereal-dev: [ethereal-dev] Splitting/duplicating packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Adam Fritzler <mid@xxxxxx>
Date: Tue, 11 Jul 2000 04:38:50 +0000 (UTC)
I'm attempting to write a dissector for the AOL Instant Messenger protocol
(OSCAR).  It uses a low-level structure called FLAP that gets sent across
a TCP socket.  It contains a signature byte, a channel id, a sequence
number, and the length of the payload.

My problem is thus: my current code works great when theres only one FLAP
per packet.  But I currently don't know how to hanlde the case where the
OSCAR servers cram multple FLAPs per packet.  

I'd rather not dissect them just sequentially since doing that, as I
understand it, would not let me filter in a logical way.  (For instance,
if there was a packet that contained a channel 1 FLAP and a channel 4
FLAP, and the filter rule was "aim.flapchan eq 1", then it wouldnt match
since the channel 4 was last and the value of the field would last be 4.

I'd like to have a way to duplicated the packet and parse it as many times
as needed, cropping the data to make it look as though there was only one
FLAP per packet.  Any suggestions? 

(I'm not subscribed to the list.)

af

---
  Adam Fritzler
  { mid@xxxxxx }
    http://www.auk.cx/~mid/