Re: Dissecting a Protocol with multiple static TCP ports

[Stephen Fisher <steve () stephen-fisher com>]

On Mon, Apr 26, 2010 at 10:15:01PM -0700, Craig Bumpstead wrote:

> So your saying to reassemble the packet then run the dissector again?

At the beginning of your dissection, figure out if the packet is going 
to span multiple TCP segments.  If it is, return to Wireshark with 
information on how many more bytes to reassemble before calling your 
dissector again.  The next time it's called, it can determine that all 
of the required data is present and do normal dissection.

> Is there a way that I can just specify the TCP Port range with just 2 
> port numbers?

No.  You could either run a for() loop registering the ports (I don't 
know of any dissector that does this currently though) or register a 
heuristic dissector that looks at all packet's contents to see if it 
looks like your packet instead of only matching on certain ports.


-- 
Steve
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe