Wireshark-dev: Re: [Wireshark-dev] How to handle duplicate fragments for a plugin written on to
From: philippe alarcon <philippe.alarcon@xxxxxxx>
Date: Thu, 26 Mar 2009 10:21:33 +0100
Hi,

If your dissector is on top of UDP, you can check the UDP checksum.

The CRC should be the same for identical fragments.

Regards
Philippe


Date: Wed, 25 Mar 2009 17:13:35 -0800
From: svu004@xxxxxxxxx
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of UDP?

Hi,

We have a legacy custom plugin (written on top of UDP), which handles multicast packets which may be fragmented, which works fine for normal scenarios. However, the plugin fails to decode for the cases where there can be duplicate fragments (for eg. one coming from the actual host and another one from a firewall). The fragments are exactly the same excepting that the ethernet source address is different.

Can someone give me pointers as to how we could handle this special case when re-assembling the fragments? Is there a way to ignore packets coming from the firewall? Are there any sample plugins that have handled this case, which I can refer to?

Any suggestions would help me a lot,

Thanks,
siri



Discutez sur Messenger où que vous soyez ! Mettez Messenger sur votre mobile !