On Mon, Apr 26, 2010 at 10:15:01PM -0700, Craig Bumpstead wrote:
> So your saying to reassemble the packet then run the dissector again?
At the beginning of your dissection, figure out if the packet is going
to span multiple TCP segments. If it is, return to Wireshark with
information on how many more bytes to reassemble before calling your
dissector again. The next time it's called, it can determine that all
of the required data is present and do normal dissection.
> Is there a way that I can just specify the TCP Port range with just 2
> port numbers?
No. You could either run a for() loop registering the ports (I don't
know of any dissector that does this currently though) or register a
heuristic dissector that looks at all packet's contents to see if it
looks like your packet instead of only matching on certain ports.
--
Steve
