Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Single TCP segment having multiple PDUs not working

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 27 Sep 2007 18:17:12 -0700

On Sep 27, 2007, at 4:30 PM, Zongjun wrote:

I could have 30 different kinds of messages and I just can't know the fix length. However, using tcp_dissect_pdus you have to give the fix length.

No.

Using tcp_dissect_pdus() you have to give:

	1) a fixed minimum length, which:

		includes all the data necessary to determine the message length;

		is no longer than the shortest message length;

2) a routine that, given the minimum length worth of data, determines the message length.

What determines the message length in your protocol?

Is there a message length field in all messages, at the same offset from the beginning of the message in all messages? If so, then the minimum length is the length of the message length field plus the length of the data preceding the message length field.

If not, is there a message type field in all messages, at the same offset from the beginning of the message in all messages, and can the length of the message be determined from the value of the message type field? If so, then the minimum length is the length of the message type field plus the length of the data preceding the message length field.

If not, what else is used to determine the length of the message?