Ethereal-dev: Re: [ethereal-dev] Messages exceeding 1500 octets resulting in Malformed frames

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Wed, 03 Jan 2001 19:31:16 +1000
At 10:49 AM 1/3/01 +0100, Dick Gooris wrote:
>I am working on an analyzer section and made some major progress
>- thanks to the README files and lot of examples :-)
>
>Almost the first message I received was about 3036 octets long. This
>means that the message I get is Malformed. I received the first 1500
>octets which I believe is the standard ethernet boundary. The remaining
>1536 octets are coming in two extra separate messages. The last two
>message are not recognizable in the way I did with the first.

Yes, this is a problem ... and always will be so ... Your dissector needs
to be robust enough to work in the face of missing or duplicate
frames/packets/segments.

>Therefore I need to work with sequence numbers and so, which require
>some
>new procedures or more coding in the area of the ethereal body, rather 
>than programming on packet-sapphire.c/h files.
>
>I guess I am not the first one who cannot (fully) decode a message
>longer 
>than 1500 octets. Are there any functions/procedures available or
>examples
>from existing packet-*.c files. ( I had difficuties to find these, or
>overlooked ? )

There are no procedure/functions for dealing with this as yet, and while
there has been much discussion, I am firmly of the view that there is no
good solution to the problem, because there will always be cases where data
is missing, out of order, duplicated, etc.

>There is no necessity to solve this in realtime. There should be an easy 
>way to access the tvbuff of the next associated message, or to
>concatenate
>then beforehand, because the TCP/IP header indicates limitted data in
>the
>data section.
>
>Hope you can help.
>
>Many thanks in advance,
>
>	- Dick Gooris          The Netherlands
>
>_______________________________________________
>Ethereal-dev mailing list
>Ethereal-dev@xxxxxxxxxxxx
>http://www.ethereal.com/mailman/listinfo/ethereal-dev
>

Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba