Wireshark mailing list archives

Dissector question


From: David Arnold <davida () pobox com>
Date: Sun, 10 Mar 2013 06:56:30 +0100

Hi all,

I'm writing a dissector for a TCP-based framing protocol which implements application-level sequence numbers by 
counting received messages.  When a client logs into the server, the login acceptance packet from the server includes 
the number of the next packet to be delivered, and the client is responsible for counting packets thereafter.  The 
sequence numbers are only included in the Login Request and Acceptance packets, not in any of the actual data.

I'm trying to figure out the best way to determine and display these sequence numbers in my dissector.

So far, I'm using the standard TCP-based PDU dissecting approach, and I can identify the Login Acceptance packet (when 
it's processed) to find the first sequence number.  I've tried using a conversation_t to hold information about the 
initial sequence, but since I need to then increment the sequence number for each PDU received, I cannot simply count 
frame numbers from there -- it needs to be done after identifying the PDUs.

The best approach I've been able to come up with so far is to walk the dissected tree backwards, looking for the login, 
but in this protocol it's common to have long-lived sessions with millions of packets, so I'm worried that would cause 
unacceptable performance.

Any suggestions?

Thanks in advance,



d
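
One way to model the counting described above, as an added example that is not part of the original post and is not Wireshark code: the Login Acceptance seeds a per-conversation counter, each data PDU is numbered on the first in-order pass, and the result is cached per PDU so later out-of-order re-dissection never recounts. The names `conv_state`, `pdu_seq` and `dissect_pdu`, and the (frame, offset) cache key, are hypothetical.

```c
/* Added example: stand-alone model, no Wireshark headers. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>

#define MAX_PDUS 64
enum pdu_type { PDU_LOGIN_ACCEPT, PDU_DATA };

/* Per-conversation state; only advanced during the first, in-order pass. */
struct conv_state { int logged_in; uint64_t next_seq; };

/* Per-PDU result cache, keyed by (frame number, PDU offset within the frame). */
struct pdu_seq { uint32_t frame, offset; uint64_t seq; };
static struct pdu_seq cache[MAX_PDUS];
static size_t cache_len;

static const struct pdu_seq *cache_find(uint32_t frame, uint32_t offset)
{
    for (size_t i = 0; i < cache_len; i++)
        if (cache[i].frame == frame && cache[i].offset == offset)
            return &cache[i];
    return NULL;
}

/* Returns 1 and sets *seq_out when the PDU has a sequence number, else 0.
 * visited == 0: first pass; advance the counter and cache the result.
 * visited != 0: re-dissection in arbitrary order; cache lookup only. */
int dissect_pdu(struct conv_state *cs, int visited, uint32_t frame, uint32_t offset,
                enum pdu_type type, uint64_t login_next_seq, uint64_t *seq_out)
{
    if (visited) {
        const struct pdu_seq *hit = cache_find(frame, offset);
        if (hit)
            *seq_out = hit->seq;
        return hit != NULL;
    }
    if (type == PDU_LOGIN_ACCEPT) {       /* carries the next sequence number */
        cs->logged_in = 1;
        cs->next_seq = login_next_seq;
        return 0;
    }
    if (!cs->logged_in || cache_len == MAX_PDUS)
        return 0;                         /* login not seen, or cache full */
    *seq_out = cs->next_seq++;
    cache[cache_len++] = (struct pdu_seq){ frame, offset, *seq_out };
    return 1;
}
```

The linear array stands in for a keyed lookup. The counter moves only on the first in-order pass and every later request is a cache read, so no backward walk to the login is needed.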




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev