On Sun, Dec 15, 2002 at 09:06:21PM +0100, Hannes Gredler wrote:
> have there been efforts [or thoughts, or even some code ;-)]
> for putting together the TCP stream and expose it to higher-level
> dissectors [aka stateful decoding] ?

None that I know of in tcpdump. Ethereal supports it, but it requires both support in the TCP dissector and in subdissectors (as only they know where higher-level PDUs begin and end).

> i am wondering about the feasibility of such a project,
> while still preserving tcpdump's small footprint;

Hmm. Given that tcpdump is strictly one-pass, it's a bit of a simpler problem than in Ethereal - it could discard saved data from previous TCP segments once it hands the reassembled data to the higher-level dissector.

Note, for what it's worth, that Ethereal currently doesn't handle out-of-order TCP segment delivery. I don't know how much more complicated that'd make it.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
