dissecting TCP packets with multiple PDUs

[John Dill <John.Dill () greenfieldeng com>]

I have a TCP protocol that sends multiple PDUs.  So far, my dissector seems to handle the cases where one PDU is split 
across multiple frames, and when multiple PDUs are dissected in one frame.  Unfortunately, I'm having issues where the 
TCP dissection stops if I have multiple PDUs that are split inside a frame, e.g.



packet 37104 TCP segment (536)

packet 37167 TCP segment (498) - creates reassembled TCP size of (1034) which is correct



However, packet 37167 has the start of another PDU containing 38 bytes.  I can't seem to get the dissector to recognize 
the start of it.



?I printed out the captured length, but it always seems to be 1034.  I'm not sure how to recognize that the current 
frame has leftover bytes to start a new dissection.



Is there an example plugin that someone can suggest that I can investigate to see how this scenario is handled?



Thanks,

John D.




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe