Wireshark-dev: Re: [Wireshark-dev] Dissecting a Protocol with multiple static TCP ports
Craig,
You probably need to take a look at tcp_dissect_pdus(). If you're lucky, it'll help you reassemble your TCP stream; if not, you might need to write your own TCP reassembly routines. There are many dissectors that make use of it for reassembly and it's documented in section 2.7.1 of README.developer, so hopefully you find plenty of help and examples about it. Assuming that's what you need of course.
- Chris
________________________________________
From: wireshark-dev-bounces@xxxxxxxxxxxxx [wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Craig Bumpstead [cbumpste@xxxxxxxxxxxx]
Sent: Monday, April 26, 2010 9:38 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissecting a Protocol with multiple static TCP ports
Bill,
The packets that are not decoded are decoded as TCP packets. So I don't understand why it only decodes the first one. I must be making a mistake in the code.
Regards,
Craig
----- Original Message ----
From: Bill Meier <wmeier@xxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Tue, 27 April, 2010 11:10:14 AM
Subject: Re: [Wireshark-dev] Dissecting a Protocol with multiple static TCP ports
Craig Bumpstead wrote:
> Bill,
>
> Thanks for the quick response. That setting is off.
> The first and second packets are TCP port 4435 and 21016 which it decodes.
> However from that point on it doesn't decode packets with
> TCP port 4435.
>
> I loathe posting my code, but obviously I am making a mistake somewhere.
>
I don't see anything obviously wrong with the code.
A question: What is actually shown in Wireshark for the packets not
decoded?
Are they decoded as TCP? As some other protocol?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe