Dear all,
comments in-line.
Best regards
Michael
On Jan 1, 2008, at 12:56 PM, Guy Harris wrote:
Lars Friedrichs wrote:
thanks for your reply. I know that the protocol is really
misbehaving in
several ways but I am not the one who wrote it nor the one who may
change it. But from your answer I can conclude that it is not
possible
to do so?!
Yes.
Is the implementation of the protocol assuming that the only other
implementations of the protocol with which it exchanges packets
assigns
the identification field in such a fashion as not to put arbitrary
values into the IP identification field? And, therefore, is it
assuming
that, for example, this will cause no problems if any routers between
the source and destination fragment any packets?
If so, then the designer of the protocol really needs to study RFC 791
until their eyeballs bleeed.
If you really need to dissect such an utterly broken protocol, you
could
try adding to the IP dissector code to have an "ip.id" dissector
table.
but make sure that your dissector is not handling by accident a
packet from a different protocol... Not sure how that can be done,
it depends on the protocol.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
