Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TCP dissect issue when app-level message spans multiple TCP packets

From: Guy Harris <guy () alum mit edu>
Date: Thu, 5 May 2011 12:26:06 -0700

On May 5, 2011, at 8:59 AM, Fernandez, Rafael wrote:


guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
       guint remaining  = tvb_length_remaining(tvb, offset);
       guint last_size = tvb_get_letohl(tvb, offset)+MESSAGE_HEADER_SIZE;


So, in your protocol:

        all messages start with a fixed-length header MESSAGE_HEADER_SIZE bytes long, and may have zero or more bytes 
after that header;

        the first 4 bytes of a message (i.e., the first 4 bytes of the header) are a little-endian value that is the 
length of the part of the message after the fixed-length header?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: