Wireshark mailing list archives

Re: foo dissector of the dev guide


From: Lange Jan-Erik <Jan-Erik.Lange () haw-hamburg de>
Date: Thu, 18 Nov 2010 11:22:19 +0100

You're right. I captured UDP frames from my network. Now I'm working with these frames and modifying them in a hex editor for testing.

Thank you very much

________________________________
From: wireshark-dev-bounces () wireshark org [wireshark-dev-bounces () wireshark org] on behalf of Guy Harris [guy () alum mit edu]
Sent: Thursday, 18 November 2010 04:59
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] foo dissector of the dev guide


On Nov 16, 2010, at 2:16 AM, Lange Jan-Erik wrote:

I want to try the example dissector out of the dev guide of wireshark.

The dissector works with UDP on port 1234. But when I send a UDP frame with UDP src 1234 and dest 1234 (IPv4), the protocol column in the UI is labeled with IP only, as you can see in the screenshot. Shouldn't it be labeled FOO?

No, because they're IP fragments.  In order for the IP dissector to hand those packets to the UDP dissector, either:

1) if IP reassembly is disabled, those packets must be the first fragment - in the sense of having a fragment offset of 
0 - of the fragmented datagram

or

2) if IP reassembly is enabled, all the fragments must be present in the capture, so that the fragments can be 
reassembled, and those packets must be the last fragment - in the sense of "last fragment, chronologically" - of the 
fragmented datagram.

Those fragments do *not* have a fragment offset of 0, so they'll just be dissected as IP fragments unless the 
fragmented datagram can be reassembled.  In order for the IP datagram to be reassembled, IP reassembly must be enabled 
(which it is by default), and *all* of the fragments must be present; I don't see the other fragments in that capture.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
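The two hand-off rules Guy describes (offset-0 fragment only when reassembly is off; the datagram-completing fragment only when reassembly is on and every fragment is present) can be made concrete with a small simulation. The following Python script is an added illustration written for this archive page; it is not Wireshark's IP dissector or the dev guide's foo dissector. It assumes a minimal IPv4 header with no options and a zero checksum, builds three constructed fragments of one UDP datagram to port 1234, and uses a stand-in `next_dissector` that labels such a datagram "FOO" the way the dev guide example would. Frames that are not handed on stay labelled "IP (fragment)", which is what the screenshot in the question shows.

```python
"""Added illustration: which IPv4 fragments reach the UDP (and foo) dissector."""
import struct
from typing import Dict, List, Optional, Tuple

IPPROTO_UDP = 17
MF_FLAG = 0x2000       # "More Fragments" bit in the flags/fragment-offset field
OFFSET_MASK = 0x1FFF   # fragment offset, in 8-byte units
FOO_PORT = 1234        # port the dev guide's foo dissector registers on


def build_ipv4_fragment(ident: int, offset_units: int, more: bool, payload: bytes,
                        src: str = "10.0.0.1", dst: str = "10.0.0.2",
                        proto: int = IPPROTO_UDP) -> bytes:
    """Construct a minimal IPv4 header (no options, checksum left 0) plus payload."""
    assert len(payload) % 8 == 0 or not more, "non-final fragments carry multiples of 8 bytes"
    flags_frag = (MF_FLAG if more else 0) | (offset_units & OFFSET_MASK)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                         64, proto, 0,
                         bytes(int(x) for x in src.split(".")),
                         bytes(int(x) for x in dst.split(".")))
    return header + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Pull out the fields the fragment hand-off decision depends on."""
    (ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"id": ident, "proto": proto, "src": src, "dst": dst,
            "offset": (flags_frag & OFFSET_MASK) * 8,   # byte offset within the datagram
            "more": bool(flags_frag & MF_FLAG),
            "payload": pkt[ihl:total_len]}


def next_dissector(proto: int, payload: bytes) -> str:
    """Stand-in for the UDP dissector plus a foo dissector on port 1234 (hypothetical)."""
    if proto != IPPROTO_UDP or len(payload) < 8:
        return "IP"
    sport, dport, _length, _csum = struct.unpack("!HHHH", payload[:8])
    return "FOO" if FOO_PORT in (sport, dport) else "UDP"


class IpDissector:
    """Applies the two hand-off rules from the mailing-list answer."""

    def __init__(self, reassemble: bool = True):
        self.reassemble = reassemble
        # (src, dst, id, proto) -> {"frags": {offset: payload}, "total": datagram length or None}
        self.pending: Dict[Tuple, dict] = {}

    def dissect(self, pkt: bytes) -> str:
        ip = parse_ipv4(pkt)
        if not (ip["more"] or ip["offset"] != 0):
            return next_dissector(ip["proto"], ip["payload"])   # not fragmented at all
        if not self.reassemble:
            # Rule 1: only the offset-0 fragment carries the UDP header, so only it is handed on.
            if ip["offset"] == 0:
                return next_dissector(ip["proto"], ip["payload"])
            return "IP (fragment)"
        # Rule 2: collect fragments; hand on the reassembled datagram from the frame that completes it.
        key = (ip["src"], ip["dst"], ip["id"], ip["proto"])
        state = self.pending.setdefault(key, {"frags": {}, "total": None})
        state["frags"][ip["offset"]] = ip["payload"]
        if not ip["more"]:
            state["total"] = ip["offset"] + len(ip["payload"])
        data = self._complete(state)
        if data is None:
            return "IP (fragment)"        # still waiting for the other fragments
        del self.pending[key]
        return next_dissector(ip["proto"], data)

    @staticmethod
    def _complete(state: dict) -> Optional[bytes]:
        """Return the reassembled payload if fragments cover 0..total contiguously, else None."""
        if state["total"] is None:
            return None
        pos, out = 0, b""
        while pos < state["total"]:
            chunk = state["frags"].get(pos)
            if chunk is None:
                return None
            out += chunk
            pos += len(chunk)
        return out


def demo(reassemble: bool, order: List[int]) -> List[str]:
    """Feed constructed fragments of one UDP datagram (ports 1234/1234) in the given order."""
    udp = struct.pack("!HHHH", FOO_PORT, FOO_PORT, 32, 0) + b"A" * 24   # 32-byte UDP datagram
    frags = [build_ipv4_fragment(7, 0, True, udp[:16]),    # offset 0, MF set
             build_ipv4_fragment(7, 2, True, udp[16:24]),  # offset 16 bytes, MF set
             build_ipv4_fragment(7, 3, False, udp[24:])]   # offset 24 bytes, last fragment
    d = IpDissector(reassemble)
    return [d.dissect(frags[i]) for i in order]


if __name__ == "__main__":
    print("reassembly on, all fragments: ", demo(True, [0, 1, 2]))
    print("reassembly off, all fragments:", demo(False, [0, 1, 2]))
    print("reassembly on, first missing: ", demo(True, [1, 2]))
```

Running `demo(True, [1, 2])` reproduces the situation in the question: with the offset-0 fragment absent from the capture, reassembly never completes and every frame stays labelled as an IP fragment. Feeding the fragments out of order with reassembly on shows that the "FOO" label lands on whichever frame arrives last, not on the one with offset 0.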
