Wireshark · Wireshark-dev: Re: [Wireshark-dev] Check for end of packet?

Wireshark-dev: Re: [Wireshark-dev] Check for end of packet?

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 09 May 2007 12:05:54 -0700

Kevin A. Noll wrote:


I know this should be easy to do, but I can't find it written down in
anything I can readily find...

I'm trying to decode a packet that has TLVs at the end of it. One of the
possible TLVs is a "NULL" TLV, which is simply one or more bytes with the
zero value. However, if it's any other kind of TLV, it is likely to start
with a zero and then be followed by another value that indicates the actual
type.

How do I check for that second byte without reading past the end of the
packet buffer?


How does the code that receives one of these packets check for it?

("It is likely" makes it sound as if this would be a heuristic. Theactual recipient of one of these packets doesn't have to use aheuristic, does it?)

Follow-Ups:
- Re: [Wireshark-dev] Check for end of packet?
  - From: Kevin A. Noll

References:
- [Wireshark-dev] Check for end of packet?
  - From: Kevin A. Noll

Prev by Date: [Wireshark-dev] Check for end of packet?
Next by Date: Re: [Wireshark-dev] Check for end of packet?
Previous by thread: [Wireshark-dev] Check for end of packet?
Next by thread: Re: [Wireshark-dev] Check for end of packet?
Index(es):
- Date
- Thread