Wireshark-dev: Re: [Wireshark-dev] : Plugin dissector not called when wireshark reassembles the
Hello Thanks for your response,
The maximum lengths returned by get_myplugin_pdu_len() are 1028 and 17161 .
Is that might be a problem ?
But I cant understand why the message length is showing that big a value as the messages are quite small enough!
Thanks
--- On Thu, 2/28/08, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
> Subject: Re: [Wireshark-dev] : Plugin dissector not called when wireshark reassembles the message
> To: me_merlin18@xxxxxxxxx, "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
> Date: Thursday, February 28, 2008, 5:44 PM
> Hi,
>
> What does get_myplugin_pdu_len() return? I think this value
> is too high, hence the TCP dissector never sees the end of
> the payload.
>
> Thanx,
> Jaap
>
> Merlin Hooze wrote:
> > Hi,
> >
> > I have created a plugin for wireshark, which works
> fine normally but its not able to dissect when the message
> is split and reassembled by wireshark. In my dissector I am
> using the following function as below..
> >
> > tcp_dissect_pdus(message_tvb, pinfo, tree, TRUE, 5,
> > get_myplugin_pdu_len, dissect_myplugin);
> >
> > But when i capture the trace, I can see the protocol
> as [TCP segment of a reassembled PDU] only. Looks like the
> dissector function for my plugin is not called.
> > I guess [TCP segment of a reassembled PDU] is
> displayed when wireshark is reassembling the packets. So
> when its reassembling then why its not calling my dissector
> after it has reassembled ?
> >
> > Any hints ?
> >
> > Thanks..
> >
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
