Wireshark-dev: Re: [Wireshark-dev] Buffering packets for dissection
From: Andreas <[email protected]>
Date: Thu, 29 Jul 2010 06:51:38 +0000 (UTC)
Jaap Keuter <[email protected]> writes:
> Hi,
> 
> It looks like you want to packetize a streaming protocol in a datagram
> protocol. That causes inherent problems. You may want to consider 
> packing in TCP, a stream oriented protocol, which should have better
> support in Wireshark. I know that RTP is a streaming datagram protocol,
> and uses specific RTP support routines in Wireshark.
> 
> Thanks,
> Jaap

Hi,

I've checked out the tutorial about reassembling TCP fragments, but it seems
tcp_dissect_pdus() needs a fixed size header, which this protocol (TFO) doesn't
have.

Well, okay, the frames and messages do have headers, but they can only be
obtained after reassembly; I need to extract every 16th byte's LSB, and one
message can consist of 30 to 130 bits. 

Also, the length of the message depends on the bits in parts of the message,
indicating if another part will follow or not.

Br.

Andreas