Wireshark · Wireshark-dev: Re: [Wireshark-dev] wslua tcp reconstruct behaves strange when multiple messages span multiple packe

Wireshark-dev: Re: [Wireshark-dev] wslua tcp reconstruct behaves strange when multiple messages

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 5 Nov 2013 15:52:42 -0800

On Nov 5, 2013, at 4:40 AM, Sjoerd van Doorn <sjoerd.van.doorn@xxxxxxxxxxxx> wrote:

> For example if I have a TCP connection with packets over it and the packets contain messages including a header.
> it would be very well possible that there are two TCP packets.

Yes, that's what tcp_dissect_pdus() handles for a lot of protocols.

>             One including the first message and the first part of the second message
>             The second with the second part of the second message and the third message

How are message boundaries indicated?

If there's a length field, tcp_dissect_pdus() can use that; unfortunately, that's not currently made available to Lua dissectors.  It probably should be.

References:
- [Wireshark-dev] wslua tcp reconstruct behaves strange when multiple messages span multiple packets
  - From: Sjoerd van Doorn

Prev by Date: Re: [Wireshark-dev] adding IRIG time and time of day
Next by Date: Re: [Wireshark-dev] adding IRIG time and time of day
Previous by thread: [Wireshark-dev] wslua tcp reconstruct behaves strange when multiple messages span multiple packets
Next by thread: [Wireshark-dev] Summary does not show packet drops for saved files
Index(es):
- Date
- Thread