Title: TCP Reassembly
I'm attempting to dissect a TCP protocol where messages can be much larger than the size of an 802.3 frame. I've followed the recipe for dissecting TCP fragments in the wiki (http://wireshark.digimirror.nl/docs/wsdg_html_chunked/ChDissectReassemble.html), but I'm finding that tvb_* functions don't seem to reflect the proper size of the reassembled message. For instance, I have a message that's around 32kB, split across about 20 frames. I find that even though I've called the dissector using tcp_dissect_pdus() with a length of 32kB, within my dissector tvb_length_remaining() returns only the length of the first frame, around 1.5kB. Are there alternate tvb_* functions I should be using? Are the tvb's somehow chained, and I'm not looking at the correct one?
Thanks,
Matt Poduska
Software Engineer, RFID Systems
Intermec
550 Second Street SE
Cedar Rapids, IA 52401
voice: 319.369.3331
fax: 319.369.3577
