Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] Need help with protocol that spans multiple TVBs

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Sid Sid" <ysidelnikov@xxxxxxxxxxx>
Date: Mon, 12 Apr 2004 06:47:13 +0000
Unfortunately, the session dissector does not do any reassembly at the present moment. I'm going to fix it in near future.Can you send the capture file with MMS pdus? 
Can we see what you have changed in presentation dissector for MMS ?
Right now presentation dissector can only call ACSE dissector.


From: Guy Harris <gharris@xxxxxxxxx>
Reply-To: ethereal-dev@xxxxxxxxxxxx
To: Herbert Falk <herb@xxxxxxxxxxxx>
CC: ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] Need help with protocol that spans multiple TVBs 
Date: Sun, 11 Apr 2004 17:59:36 -0700

On Sun, Apr 11, 2004 at 08:13:42PM -0400, Herbert Falk wrote:
> Guy Harris wrote:
> >Presumably you're using the Session and Presentation dissectors that
> >come with Ethereal?
> >
> Correct.  However, the problem appears to be at the session layer.
> Maybe I don't have a good understanding of how Ethereal is supposed to
> do reassembly.  I would have expected that the TVB, passed up would be
> a "large" buffer.  The MMS PDU is approximately 32K, however the TVB
> being passed in has a length (e.g. MMS data length) of 26 bytes.  When I
> manually analyze the COTP packets, all of the appropriate MMS data is
> present.

If the COTP packet were reassembled (you have turned COTP reassembly on,
right?), the session dissector would be handed a tvbuff containing the
payload of the reassembled COTP PDU.  If not, the session dissector
might not do any reassembly, if it concludes that it doesn't have the
full packet.

Frame 66 doesn't have "(fragment)" in its Info column, which either
means that high-order bit in the TPDU number is set or that there's a
bug somewhere in the dissector; that might be part of the problem.

If the packet were reassembled at the session layer, the presentation
dissector would be handed a tvbuff containing the payload of the
reassembled session-layer PDU.

I'd have to see a capture with the problem - and perhaps any changes
you've made to the presentation-layer dissector to make it hand off its
payload to the MMS dissector - in order to figure out what's happening
and provide further assistance.  Perhaps somebody more familiar with
those dissectors would be able to figure the problem out without that.

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev


_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube