Wireshark-dev: Re: [Wireshark-dev] Problem due to segmentation of GTP packet.....
Hi,
You have to insert TCP reassembly into the dissector by using tcp_dissect_pdus();
have a look in packet-diameter.c to see how it can be done.
There is also a section in the manual about this.
BR
Anders
P.S.
Example code:
static guint
get_diameter_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
{
    /* Get the length of the Diameter packet. */
    return tvb_get_ntoh24(tvb, offset + 1);
}
:
static void
dissect_diameter_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    /* 4 = number of bytes needed before the length field can be read */
    tcp_dissect_pdus(tvb, pinfo, tree, gbl_diameter_desegment, 4,
                     get_diameter_pdu_len, dissect_diameter_common);
} /* dissect_diameter_tcp */
Hi, one correction. It is not 5 CDR's in our GTP packet, but only cdr
and within that there are 5 service records. 4 service records are
displayed and the fifth service record is not displayed due to segmentation done
by TCP.
Regards,
Prashanth.
prashanth joshi <prashanthsjoshi2000@xxxxxxxxx> wrote:
Hi all,
Please anyone solve my problem. Everybody here is struggling to solve
it, but nobody is getting the solution.
Regards,
Prashanth.
Our trace file contains 5 GCDRs within the same GTP packet.
The first four CDRs are correctly parsed. However, the fifth is not
displayed at all. It was observed that the TCP segmentation occurred
after the fourth CDR.
As a result, the fifth CDR, even though it is present in the data stream,
is not parsed at all by Ethereal.
It seems that, as TCP fragments are reassembled only at the destination and
Ethereal sniffs packets off the wire even before the packets reach the
destination (i.e. within the network and not at the destination), only the
4 CDRs are displayed. And the fifth CDR, when it arrives in the stream much
later, is not recognized by Ethereal because it can recognize the CDR only
if there is a GTP header attached to it.
The GTP header had arrived with the first four CDRs. So Ethereal does not
recognize the fifth CDR, as there is no GTP header with it.
So how to solve this problem...
Regards,
Prashanth
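The buffering idea behind the tcp_dissect_pdus() advice, as a stand-alone C model (an added example, not part of the thread and not Wireshark code). It reuses the length framing of get_diameter_pdu_len() from the reply; reasm_t, feed_segment(), demo_split(), MAX_PDU and the 54-byte sample PDU are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define FIXED_LEN 4     /* bytes needed before the length field is readable */
#define MAX_PDU   4096  /* constructed cap so a bogus length cannot overrun buf */

typedef struct {
    uint8_t buf[MAX_PDU];
    size_t  have;       /* bytes buffered for the PDU in progress */
    int     pdus;       /* complete PDUs handed to the "dissector" */
} reasm_t;

/* Same framing as get_diameter_pdu_len(): 24-bit big-endian length at
 * offset 1, counting the whole PDU including its header. */
static size_t get_pdu_len(const uint8_t *p)
{
    return ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
}

/* Feed one TCP segment payload; returns 0, or -1 on an impossible length. */
static int feed_segment(reasm_t *r, const uint8_t *seg, size_t n)
{
    while (n > 0) {
        size_t want = r->have < FIXED_LEN ? FIXED_LEN : get_pdu_len(r->buf);
        size_t take = want - r->have < n ? want - r->have : n;
        memcpy(r->buf + r->have, seg, take);
        r->have += take; seg += take; n -= take;
        if (r->have < FIXED_LEN) continue;          /* header still incomplete */
        size_t len = get_pdu_len(r->buf);
        if (len < FIXED_LEN || len > MAX_PDU) { r->have = 0; return -1; }
        if (r->have == len) { r->pdus++; r->have = 0; } /* whole PDU: dissect */
    }
    return 0;
}

/* Constructed input: one 54-byte PDU (4-byte header + five 10-byte records),
 * cut by TCP after the fourth record. Returns PDUs seen after both segments. */
static int demo_split(int *after_first)
{
    uint8_t pdu[54] = { 1, 0, 0, 54 };
    reasm_t r = {0};
    feed_segment(&r, pdu, 44);          /* header + records 1-4 */
    *after_first = r.pdus;              /* 0: nothing is dissected yet */
    feed_segment(&r, pdu + 44, 10);     /* record 5 arrives later */
    return r.pdus;
}

int main(void) { int first; return demo_split(&first) == 1 ? 0 : 1; }
```

The length check matters in a real dissector too: a length smaller than the fixed header or larger than the buffer has to be rejected before it is used to size a copy.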