Wireshark-dev: Re: [Wireshark-dev] no size information in fixed header-length for tcp_dissect_p
From: Robert Naumann <[email protected]>
Date: Fri, 08 Jun 2007 08:32:52 +0200
Stephen Fisher wrote:
On Thu, Jun 07, 2007 at 04:13:09PM +0200, Robert Naumann wrote:

in the rfb-protocol i've to dissect i got some zlib-compressed 
FramebufferUpdates. The PDU-header doenst contain any information 
about the compressed data-bytes, so i decided to sniff in the 
compressed data, as there are the lenght information of one compressed 
part is stored.  So i can move on the datastream to the next size 
information until the end of the PDU. My GET_PDU_LEN()- function 
reports the correct size of the hole PDU. Now to the problems i got.
Are you trying to dissect the VNC protocol?  I added support for server 
frame buffer updates to the VNC dissector after 0.99.5 was released and 
this includes the ZRLE (Zlib-compressed Run Length Encoding) type.  The 
sub-dissection of the ZRLE uncompressed data is not quite complete 
no its an own rfb-protocol version the company (i work for) adopted for their purposes (not VNC). I dont know how excatly how the VNC protocol works and if there are the same problems i have. But a look at the code maybe helps me.
Wireshark-dev mailing list
[email protected]