Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: [Ethereal-dev] Dissect a stream

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Helge Kruse" <HelgeKruse@xxxxxxxxxxx>
Date: Sun, 27 Feb 2005 15:09:30 +0100

Hello,

 

I have written a dissector for a UDP based protocol. Now I need to write for a TCP based protocol. While I know, that in each packet starts a new packet with datagram protocols like UDP, the TCP messages are packed in a stream. I fear that the messages are not aligned at packet boundaries, even, if the sending process calls a single write for each message.

 

What is the best way to find the start of a new message in a stream?

Is there a dissector, that I can use as a sample?

 

I have read README.Developer, but did not find an answer. Sorry, if this is a FAQ.

 

Regards,

/Helge

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube