Wireshark mailing list archives

Re: Question for LUA dissection


From: Roland Knall <rknall () gmail com>
Date: Wed, 7 Feb 2018 15:59:52 +0100

Yeah, the issue is that the result of dissect_tcp_pdus is segmented, and I
need to desegment on top of that. In C I would face the same issue, and
there I would move to taps, as I do not need the info live.

I'll take a look at the threads though, thanks

cheers

On Wed, Feb 7, 2018 at 3:57 PM, Jeff Morriss <jeff.morriss.ws () gmail com>
wrote:



On Wed, Feb 7, 2018 at 9:38 AM, Roland Knall <rknall () gmail com> wrote:

Hi

Just a short question.

I have a protocol, which transports information via TCP. Now we have a
segmented download via this protocol, which in turn is a TCP segmented
transfer.

I can desegment_tcp_pdus, and end up with a couple of messages with the
bigger blocks, which I now need to desegment further.

I am at a loss on how to do that; does anyone have an idea? In C I would
use taps and display the final files somewhere else (not in the packet
stream), but I do not really have an idea on how to do this in Lua.


In C you could also use dissect_tcp_pdus() and get the (reassembled)
packet in your dissector and dissect that.


Anyone got an idea?


There's an old thread about that; here are a couple of useful-looking answers:

https://www.wireshark.org/lists/wireshark-dev/201610/msg00057.html
https://www.wireshark.org/lists/wireshark-dev/201610/msg00067.html


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
