Wireshark · Ethereal-dev: Re: [Ethereal-dev] How can I get offset of some field from tcp data zone?

Ethereal-dev: Re: [Ethereal-dev] How can I get offset of some field from tcp data zone?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Wed, 04 Jan 2006 02:00:05 -0800

scz wrote:

In some sub dissector, for example:

TCP
    NBT
        SMB
            DCE/RPC
                stub data

I'm unmarshaling the stub data, and want to show offset to &NBT in graphic
tree. Can I get/compute the offset via pinfo->private_data or others?

No.

There is, BTW, no guarantee that there will *be* TCP (although it'slikely to be there, as it's probably not running atop NBF, or any of theother older transports atop which SMB runs), or NBT (although theSMB-over-TCP wrapper is equivalent) or, if the service can run atopnon-SMB transports, any of the stuff above DCE RPC.


It might, at some point, run over SMB2 as well.

There might also be transaction-layer (or DCE layer?) reassembly, so thestub data might be a chunk of reassembled data, with more than one NBTheader.

References:
- [Ethereal-dev] How can I get offset of some field from tcp data zone?
  - From: scz

Prev by Date: Re: [Ethereal-dev] Développement rémunéré à partir de Ethereal
Next by Date: Re: [Ethereal-dev] Found a difference about the source code version and the setup version
Previous by thread: [Ethereal-dev] How can I get offset of some field from tcp data zone?
Next by thread: [Ethereal-dev] Multiple/Recursive PDUs
Index(es):
- Date
- Thread