Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-dev: [Wireshark-dev] TCP Reassembly

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Matt Poduska" <mpoduska.intermec@xxxxxxxxx>
Date: Wed, 2 Jul 2008 07:58:48 -0500

Title: TCP Reassembly

I'm attempting to dissect a TCP protocol where messages can be much larger than the size of an 802.3 frame. I've followed the recipe for dissecting TCP fragments in the wiki (http://wireshark.digimirror.nl/docs/wsdg_html_chunked/ChDissectReassemble.html), but I'm finding that tvb_* functions don't seem to reflect the proper size of the reassembled message. For instance, I have a message that's around 32kB, split across about 20 frames. I find that even though I've called the dissector using tcp_dissect_pdus() with a length of 32kB, within my dissector tvb_length_remaining() returns only the length of the first frame, around 1.5kB. Are there alternate tvb_* functions I should be using? Are the tvb's somehow chained, and I'm not looking at the correct one?

Thanks,

Matt Poduska
Software Engineer, RFID Systems
Intermec
550 Second Street SE
Cedar Rapids, IA 52401
voice: 319.369.3331
fax: 319.369.3577

  • Prev by Date: [Wireshark-dev] losing packets: epilogue
  • Next by Date: [Wireshark-dev] Adding New Capture Hardware
  • Previous by thread: Re: [Wireshark-dev] same call
  • Next by thread: [Wireshark-dev] Adding New Capture Hardware
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation