Ethereal-dev: Re: [Ethereal-dev] Use of tcp_dissect_pdu and tvb_format_text

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 22 Jan 2004 13:32:28 -0800

On Jan 22, 2004, at 12:57 AM, CNS - Matthew Bradley wrote:

I am now trying to use tcp_dissect_pdu to dissect a PDU across multiple
packets. As per the documentation, I have written a function to return the
PDU length based on the header as described above.

And you specified 8 as the "fixed_len" argument to "tcp_dissect_pdu()", right? (The 8 bytes of header are the "fixed length" portion, and you need all 8 bytes, as the length is in the latter 4 bytes.)

So long as the PDU fits
within a single TCP packet, the dissector works fine. But if the PDU is
spread across two packets, dissection fails with a "short frame" error
message.

You are capturing the entire packet, right?

I.e., you didn't specify "-s" to Tethereal if you used it to capture the traffic, you *did* specify "-s" to tcpdump and the argument to "-s" was a large number if you used it to capture the traffic, and you didn't specify "Limit each packet to [] bytes" if you captured the traffic with Ethereal? And the "Frame {N}" line in the dissection of the packet doesn't give an "{M} bytes captured" value where M is less than the P value in the "{P} bytes on wire"?

And you *did* specify either "TRUE" or a settable parameter that you've set to TRUE as the "proto_desegment" argument to "tcp_dissect_pdus()"?

And you *have* turned on the "Allow subdissector to desegment TCP streams" preference for TCP?

And the TCP headers for the packets in question don't show a checksum error? (Note that, on machines with a network adapter that does TCP checksumming, outbound traffic - i.e., traffic sent by the machine running a network analyzer program - will probably be supplied to that program before being handed to the network adapter, and thus before the packet is checksummed, so it will appear to have an invalid checksum. In those cases, you also have to turn off the "Check the validity of the TCP checksum when possible" preference for TCP.)
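
The framing rule discussed in this message (an 8-byte fixed header whose last 4 bytes carry the length, with a PDU possibly spread over several TCP segments) can be modelled stand-alone. This is an added example, not code from the original message or from Ethereal; it assumes a big-endian length that counts the payload only, and `feed_segment`, `struct stream`, `MAX_PDU` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIXED_LEN 8u          /* header bytes needed before the length is readable */
#define MAX_PDU   256u        /* assumed sanity cap for this model */

struct stream { uint8_t buf[MAX_PDU]; size_t have; };

/* Assumption: bytes 4..7 hold a big-endian payload length that excludes the header. */
static uint64_t get_pdu_len(const uint8_t *h)
{
    uint32_t body = ((uint32_t)h[4] << 24) | ((uint32_t)h[5] << 16) |
                    ((uint32_t)h[6] << 8) | (uint32_t)h[7];
    return (uint64_t)FIXED_LEN + body;   /* 64-bit sum: no wrap on 0xFFFFFFFF */
}

/* Append the captured bytes of one segment; return PDUs completed, -1 on a bad length. */
int feed_segment(struct stream *s, const uint8_t *seg, size_t caplen)
{
    int done = 0;
    size_t off = 0;
    if (caplen > sizeof s->buf - s->have) return -1;
    memcpy(s->buf + s->have, seg, caplen);
    s->have += caplen;
    while (s->have - off >= FIXED_LEN) {          /* whole header present? */
        uint64_t plen = get_pdu_len(s->buf + off);
        if (plen > MAX_PDU) return -1;            /* implausible length field */
        if (plen > s->have - off) break;          /* wait for another segment */
        off += (size_t)plen;
        done++;
    }
    memmove(s->buf, s->buf + off, s->have - off); /* keep the partial PDU */
    s->have -= off;
    return done;
}

/* Constructed sample: one 20-byte PDU (8-byte header + 12-byte payload). */
static const uint8_t SAMPLE_PDU[20] = { 'H','D','R','0', 0,0,0,12,
                                        'p','a','y','l','o','a','d','-','d','a','t','a' };

int main(void)
{
    struct stream s = { {0}, 0 };
    printf("%d ", feed_segment(&s, SAMPLE_PDU, 5));       /* 0: header incomplete */
    printf("%d ", feed_segment(&s, SAMPLE_PDU + 5, 10));  /* 0: body incomplete */
    printf("%d\n", feed_segment(&s, SAMPLE_PDU + 15, 5)); /* 1: PDU complete */
    return 0;
}
```

If a capture stores fewer bytes of a segment than were on the wire, the count of available bytes never reaches the length from the header, which is why the questions about "-s" and "bytes captured" matter.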