Re: [Wireshark-dev] problems with fragmented reassembly on tcp

2006-10-06 Thread Tomasz NoiƄski
On Wed, 4 Oct 2006 23:22:37 -0700 "John R." <[EMAIL PROTECTED]> wrote: > Keep in mind that desegment_tcp (which calls the application layer > dissector, which can call tcp_dissect_pdus) is broken in the case that > the minimal header spans a tcp segment boundary. That's nice to know it's a known

Re: [Wireshark-dev] problems with fragmented reassembly on tcp

2006-10-05 Thread Anders Broman \(AL/EAB\)
o get and including the length parameter. Best regards Anders -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Still Life Sent: den 5 oktober 2006 09:40 Cc: Developer support list for Wireshark Subject: Re: [Wireshark-dev] problems with fragmented reas

Re: [Wireshark-dev] problems with fragmented reassembly on tcp

2006-10-05 Thread Still Life
Jaap Keuter wrote: > Hi, > > Have you checked chapter 2.7 of doc/README.developer? > I guess Wireshark already provides all the tools you need for this. Yes, I read this chapter, probably I miss to understand something, maybe I have some difficult with the english language. ___

Re: [Wireshark-dev] problems with fragmented reassembly on tcp

2006-10-05 Thread Still Life
Kristof Provost wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: RIPEMD160 > > I suspect it will be easier if you use the tcp_dissect_pdus() function. > If you can determine the message length without reading the entire > message (you can) that's the recommended approach. I can determine the *

Re: [Wireshark-dev] problems with fragmented reassembly on tcp

2006-10-04 Thread John R.
Keep in mind that desegment_tcp (which calls the application layer dissector, which can call tcp_dissect_pdus) is broken in the case that the minimal header spans a tcp segment boundary. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1124 I have a workaround for my own code but desegment_tcp

Re: [Wireshark-dev] problems with fragmented reassembly on tcp

2006-10-04 Thread Kristof Provost
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 I suspect it will be easier if you use the tcp_dissect_pdus() function. If you can determine the message length without reading the entire message (you can) that's the recommended approach. See the README.developer file. Disclaimer: I'm not a wi

Re: [Wireshark-dev] problems with fragmented reassembly on tcp

2006-10-04 Thread Jaap Keuter
Hi, Have you checked chapter 2.7 of doc/README.developer? I guess Wireshark already provides all the tools you need for this. Thanx, Jaap On Wed, 4 Oct 2006, Still Life wrote: > > Hi list, > I'm fighting with tcp reassembling but i have always some > problem. i have to dissect a protocol compos

[Wireshark-dev] problems with fragmented reassembly on tcp

2006-10-04 Thread Still Life
Hi list, I'm fighting with tcp reassembling but i have always some problem. i have to dissect a protocol composed by different messages. Each message had a fixed size header (from to messgeId) and in mesageLenght there is the length of the messages. |<-myMsg--