Wireshark · Wireshark-dev: Re: [Wireshark-dev] reasebling packets - dissector question

[יוני תובל <yoni6666@xxxxxxxxx>]

i tried . it doesnt seem to work .
does " tcp_dissect_pdus. " acumulats the bytes until message is complete , only then passes it to the dissector?
i mean , should i expect that my dissection logic receive an asembled buffer from the tcp_dissect_pdus?


 
 

2009/2/22 wsgd <wsgd@xxxxxxx>

יוני תובל a écrit :

> hi
> i am writing a dissector for a message with a length greater then 1500
> bytes.
> therefor i am unable to dissect it .
> can anyone explain to me how wireshark reasebling works ?
> is it possible to gather all tvb buffers into one big buffer and then
> dissect it .
> thanks

> ------------------------------------------------------------------------
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Over TCP ?
Use tcp_dissect_pdus.
See http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html
And also README.developper, epan/dissectors/packet-tcp.h & c.


Olivier

--
Wireshark Generic Dissector http://wsgd.free.fr

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe