Ethereal-dev: Re: [Ethereal-dev] How to access value of hdr.frag_len from subdissector?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>
Date: Mon, 17 Jun 2002 18:34:29 +1000
----- Original Message -----
From: "Guy Harris"
Sent: Monday, June 17, 2002 11:22 AM
Subject: Re: [Ethereal-dev] How to access value of hdr.frag_len from
subdissector?


[snip]
> You'll have to enable reassembly of fragmented DCE RPC packets, as per
> Ronnie's mail; you can enable it in Ethereal or Tethereal with the
> command-line argument "-o dcerpc.reassemble_dcerpc:true", or can enable
> it from the GUI in Ethereal by:
>
> selecting "Preferences" from the "Edit" menu;
>
> opening up the "Protocols" list on the left pane;
>
> selecting "DCERPC";
>
> turning "Reassemble DCE/RPC fragments" on;
>
> clicking "OK";

If you want to reassemble DCERPC over UDP you may also want to
activate IP fragment reassembly by enabling
Preferences/Protocols/IP/Reassemble-fragmented-IP-datagrams

You may still also want to enable the SMB one:
Preferences/Protocols/SMB/Reassemble-SMB-Transaction-Payload


If the DCERPC transport is connection-less there is still a good chance the
DCERPC PDUs are also
fragmented on these two layers.

(I have seen connection oriented DCERPC PDUs which were reassembled in NBSS,
SMB and DCERPC layers. All three layers at the same time. )