Wireshark · Wireshark-dev: Re: [Wireshark-dev] help with tcp_dissect

Wireshark-dev: Re: [Wireshark-dev] help with tcp_dissect_pdus

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 21 Jul 2008 13:08:33 -0700


On Jul 21, 2008, at 12:51 PM, Kwan Ng [LAVA] wrote:

I’m using tcp_dissect_pdus() to dissect a TCP protocol that doesn’tinclude a message length field. The messages are terminated by “\r\n”.

Then you shouldn't be using tcp_dissect_pdus(); by intent and design,it is solely for use with protocols where

1) the length of the packet can be determined by looking at the firstN bytes of the packet


and

	2) all packets are at least N bytes long.

Line-oriented protocols are *not* those types of protocols.

See, instead, examples such as the SMTP dissector (packet-smtp.c).

References:
- [Wireshark-dev] help with tcp_dissect_pdus
  - From: Kwan Ng [LAVA]

Prev by Date: [Wireshark-dev] help with tcp_dissect_pdus
Next by Date: [Wireshark-dev] Text2pcap and bidirectional traffic
Previous by thread: [Wireshark-dev] help with tcp_dissect_pdus
Next by thread: [Wireshark-dev] Text2pcap and bidirectional traffic
Index(es):
- Date
- Thread