Wireshark mailing list archives

Re: Dissector question


From: Evan Huus <eapache () gmail com>
Date: Sun, 10 Mar 2013 12:13:45 -0400

On Sun, Mar 10, 2013 at 12:56 AM, David Arnold <davida () pobox com> wrote:
Hi all,

I'm writing a dissector for a TCP-based framing protocol which implements application-level sequence numbers by 
counting received messages.  When a client logs into the server, the login acceptance packet from the server includes 
the number of the next packet to be delivered, and the client is responsible for counting packets thereafter.  The 
sequence numbers are only included in the Login Request and Acceptance packets, not in any of the actual data.

I'm trying to figure out the best way to determine and display these sequence numbers in my dissector.

So far, I'm using the standard TCP-based PDU dissecting approach, and I can identify the Login Acceptance packet 
(when it's processed) to find the first sequence number.  I've tried using a conversation_t to hold information about 
the initial sequence, but since I need to then increment the sequence number for each PDU received, I cannot simply 
count frame numbers from there -- it needs to be done after identifying the PDUs.

I'm not sure I follow this. Can't you simply store the most recent
sequence number in the conversation struct, and increment it for each
PDU received?

Evan
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


Current thread: