Wireshark-dev: Re: [Wireshark-dev] Packet reassembling
From: Jaap Keuter <[email protected]>
Date: Wed, 12 Jul 2006 11:06:20 +0200 (CEST)
Hi Gerhard,

Could you write up what you have found out, in a form that could be added
to the developer guide? Your contribution would be appreciated.

Thanx,
Jaap

On Wed, 12 Jul 2006, Gerhard Gappmeier wrote:

> Thanks Ronnie,
>
> tcp_dissect_pdus() is perfect and saved me a lot of time.
>
> I used the implementation of gryphon to see how it works.
> It would be a good idea to mention that in the developer-guide.
>
> mit freundlichen Gr??en / best regards
>
> *Gerhard Gappmeier*
> ascolab GmbH - automation system communication laboratory
> Tel.: +49 9131 691 123
> Fax: +49 9131 691 128
> Web: http://www.ascolab.com
> GPG-Key: http://www.ascolab.com/gpg/gg.asc
>
>
> ronnie sahlberg schrieb:
> > create a conersation for each tcp session to track the packets.
> >
> > or use tcp_dissect_pdus() which will do that for you.
> >
> >
> > On 7/11/06, Gerhard Gappmeier <[email protected]> wrote:
> >> Hello
> >>
> >> I have read the chapter about packet reassembling.
> >> It's clear except from one point.
> >>
> >> If a server has multiple TCP connections to different clients,
> >> the captured packets can be mixed up from different messages.
> >> How is this kept in mind?
> >> Is this tracked automagically by "fragment_add_seq_check" with the
> >> contents of the "packet_info" structure,
> >> or is the example in the docs not taking this into account?
> >> Is one instance of the "msg_fragment_table" and "msg_reassembled_table
> >> enough" for multiple connections?
> >> Or do I need one for each connection?
> >>
> >> I see at least a problem with the sequence numbers.
> >> At least my protocol has no sequence number for different chunks,
> >> so I have to do something like "connection[i].seq_number++" for each
> >> connection.
> >> Are there any recommendations?
> >>
> >> --
> >> mit freundlichen Gr??en / best regards
> >>
> >> *Gerhard Gappmeier*
> >> ascolab GmbH - automation system communication laboratory
> >> Tel.: +49 9131 691 123
> >> Fax: +49 9131 691 128
> >> Web: http://www.ascolab.com
> >> GPG-Key: http://www.ascolab.com/gpg/gg.asc
> >>
> >>
> >
>