Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Single TCP segment having multiple PDUs not working

From: Zongjun <qizongjun@xxxxxxxxx>
Date: Thu, 27 Sep 2007 18:43:55 -0700
Hello Guy,

I am using asn1 BER encoding at the sending side. And It is hard to figure it out what exactly is the length byte. I have read the hexdump for some different messages, they are varying.

I might be trying your suggestion when I get time. But thanks anyway.

Zongjun

On 9/27/07, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Sep 27, 2007, at 4:30 PM, Zongjun wrote:

> I could have 30 different kinds of messages and I just can't know
> the fix length. However, using tcp_dissect_pdus you have to give the
> fix length.

No.

Using tcp_dissect_pdus() you have to give:

        1) a fixed minimum length, which:

                includes all the data necessary to determine the message length;

                is no longer than the shortest message length;

        2) a routine that, given the minimum length worth of data, determines
the message length.

What determines the message length in your protocol?

Is there a message length field in all messages, at the same offset
from the beginning of the message in all messages?  If so, then the
minimum length is the length of the message length field plus the
length of the data preceding the message length field.

If not, is there a message type field in all messages, at the same
offset from the beginning of the message in all messages, and can the
length of the message be determined from the value of the message type
field?  If so, then the minimum length is the length of the message
type field plus the length of the data preceding the message length
field.

If not, what else is used to determine the length of the message?
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev



--
Thanks,
Zongjun