Wireshark-dev: Re: [Wireshark-dev] decoding java object stream



From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Sat, 4 Aug 2007 11:05:16 -0600

On Fri, Jul 27, 2007 at 10:14:51AM -0400, yin sun wrote:

> The other way is, as I know the whole TCP stream is dedicated for this
> java object stream, so in theory I just need to reassemble all of them
> into one big buffer. Then the question is,

> 1. for static file (packets captured already), is there a function to
> reassemble all tcp packets into one buffer? (similar to trace tcp
> stream)

You can reassemble all TCP segments up to the segment with the FIN bit
set by using the method of TCP reassembly mentioned in section 2.7.2 of
doc/README.developer.  The one change you need to make to that sample
code is to change DESEGMENT_ONE_MORE_SEGMENT to DESEGMENT_UNTIL_FIN.  

> 2. for live capture, can I do this. When my plugin is decoding, the
> buffer is growing as well to append all incoming packets.

The method above will work the same for packets in a capture file as
well as during a live capture.


Steve
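
As an added illustration, not part of the original message and not Wireshark code: a standalone C model of what "reassemble until FIN" means for a stream dedicated to Java serialization. The `segment` and `stream` types, both function names and the 4096-byte cap are hypothetical; the only protocol fact used is that a Java object stream begins with the bytes AC ED 00 05.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define STREAM_MAX 4096            /* cap for this model; real tools must bound memory too */

/* Hypothetical model types, not Wireshark structures. */
typedef struct { uint32_t seq; const uint8_t *data; size_t len; int fin; } segment;
typedef struct {
    uint8_t  buf[STREAM_MAX];
    uint8_t  have[STREAM_MAX];     /* 1 where a payload byte has been received */
    uint32_t isn;                  /* sequence number of the first payload byte */
    size_t   total;                /* stream length, known once FIN is seen */
    int      fin_seen;
} stream;

/* Place one segment by sequence offset. Returns 1 when the stream is complete
 * (FIN seen and no holes), 0 if more data is needed, -1 if the segment is rejected. */
int stream_add(stream *s, const segment *sg)
{
    uint32_t off = sg->seq - s->isn;             /* unsigned math survives seq wraparound */
    if (off > STREAM_MAX || sg->len > STREAM_MAX - off)
        return -1;                               /* outside the window this model buffers */
    if (s->fin_seen && off + sg->len > s->total)
        return -1;                               /* payload claimed past the FIN */
    if (sg->len) {
        memcpy(s->buf + off, sg->data, sg->len); /* overlaps: last writer wins (a policy choice) */
        memset(s->have + off, 1, sg->len);
    }
    if (sg->fin) { s->fin_seen = 1; s->total = off + sg->len; }
    if (!s->fin_seen)
        return 0;
    for (size_t i = 0; i < s->total; i++)
        if (!s->have[i]) return 0;               /* hole: an earlier segment is still missing */
    return 1;
}

/* Call after stream_add() returned 1. Java serialization streams begin with
 * STREAM_MAGIC 0xACED followed by STREAM_VERSION 0x0005. */
int is_java_object_stream(const stream *s)
{
    static const uint8_t hdr[4] = { 0xAC, 0xED, 0x00, 0x05 };
    return s->fin_seen && s->total >= sizeof hdr && memcmp(s->buf, hdr, sizeof hdr) == 0;
}
```

The model only reports the stream complete once the FIN has been seen and every byte before it has arrived, so out-of-order and retransmitted segments do not produce a truncated buffer.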

