Wireshark mailing list archives

Re: Help with dissecting data spanning multiple packets without knowing the length up front


From: "Jarolin, Robert" <Robert.Jarolin () trueposition com>
Date: Fri, 23 Oct 2009 14:47:49 -0400

Thanks!  This is what I am looking for.  Not sure how I missed that in the doc.
 

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of wsgd
Sent: Friday, October 23, 2009 11:38 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Help with dissecting data spanning multiple packets without knowing the length up front

Look at http://anonsvn.wireshark.org/wireshark/trunk/doc/README.developer
2.7.2 Modifying the pinfo struct.


Olivier


Jarolin, Robert wrote:

I am working on a dissector for dissecting character string oriented 
TCP messages.  The messages are of variable length with no header 
specifying the length.  The message is considered finished when a '\n'
character is found.  These messages may span multiple packets as well 
as have multiple messages in 1 packet.

I have only written dissectors that have header info that can be used 
to return a length value for tcp_dissect_pdus to handle the 
fragmentation.  Since I cannot determine the length until I find a 
'\n' character, how can I dissect these message types?

Is there a way to parse a packet, get to the end of the packet, then 
realize you need to continue the current dissection with the next 
packet?  If so, how?

Thanks for any help!


Confidentiality Notice: This e-mail (including any attachments) is 
intended only for the recipients named above. It may contain 
confidential or privileged information and should not be read, copied 
or otherwise used by any other person. If you are not a named 
recipient, please notify the sender of that fact and delete the e-mail 
from your system.
------------------------------------------------------------------------

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe





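The framing problem discussed in this thread, as an added stand-alone C model that is not part of the original messages and is not Wireshark code: each pass consumes every complete '\n'-terminated message and reports the offset where the unterminated tail starts, which is the value a real dissector hands back through pinfo->desegment_offset with pinfo->desegment_len set to DESEGMENT_ONE_MORE_SEGMENT. The names scan_result, scan_lines, feed_segments and the MAX_LINE cap are assumptions made for this example, and the segments are constructed sample data.

```c
#include <stdio.h>
#include <string.h>
#define MAX_LINE 64 /* assumed cap on one message; bounds reassembly memory */

/* Hypothetical stand-in for what a dissector reports back to the TCP layer. */
typedef struct {
    int complete;     /* '\n'-terminated messages dissected from this buffer */
    size_t resume_at; /* offset of the unterminated tail (== len if none) */
    int need_more;    /* 1: request one more segment, resuming at resume_at */
    int oversize;     /* 1: tail longer than MAX_LINE with no '\n'; give up */
} scan_result;

/* Consume every complete line; report where the partial one starts. */
static scan_result scan_lines(const char *buf, size_t len) {
    scan_result r = {0, 0, 0, 0};
    const char *nl;
    while (r.resume_at < len &&
           (nl = memchr(buf + r.resume_at, '\n', len - r.resume_at)) != NULL) {
        r.complete++;
        r.resume_at = (size_t)(nl - buf) + 1; /* next message starts after '\n' */
    }
    r.oversize = (len - r.resume_at > MAX_LINE);
    r.need_more = (r.resume_at < len && !r.oversize);
    return r;
}

/* Model the TCP layer: keep the unconsumed tail, prepend it to the next segment.
   Returns the number of complete messages seen, or -1 if a limit was exceeded. */
static int feed_segments(const char *const *segs, size_t nsegs) {
    char pending[4 * MAX_LINE];
    size_t plen = 0;
    int total = 0;
    for (size_t i = 0; i < nsegs; i++) {
        size_t slen = strlen(segs[i]);
        if (plen + slen > sizeof pending) return -1; /* refuse to grow unbounded */
        memcpy(pending + plen, segs[i], slen);
        plen += slen;
        scan_result r = scan_lines(pending, plen);
        if (r.oversize) return -1;
        total += r.complete;
        plen -= r.resume_at; /* bytes of the partial message carried forward */
        memmove(pending, pending + r.resume_at, plen);
    }
    return total;
}

int main(void) {
    const char *const segs[] = {"HELLO wor", "ld\nSTATUS ok\nBY", "E\n"}; /* constructed */
    printf("%d complete messages\n", feed_segments(segs, 3));
}
```

The MAX_LINE check matters when dissecting untrusted captures: a stream that never sends '\n' would otherwise keep the reassembly buffer growing with every segment.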

