In the Developer’s Guide, 9.4.2
How to reassemble split TCP Packets
mentions “You also cannot assume that a TCP packet contains only one application layer message and that the message header is at the start of your TCP payload. More than one messages can be transmitted
in one TCP packet, so that a message can start at an arbitrary position.”.
I have this situation and
Would there be an example that show how to properly display the COL_INFO for the second TCP payload message as a separate (next) row?
e.g. – Currently, my dissector performs the correction dissection on both messages, but I’m having to display the information for both messages on the same row within the “Info” column
So it looks like
No. Time Source Destination Protocol Info
1 232.1 10.1.1.1 10.1.1.2 XXXX DOG CAT
What do I see to do to make the presentation look like
No. Time Source Destination Protocol Info
1 232.1 10.1.1.1 10.1.1.2 XXXX DOG
CAT
or even
No. Time Source Destination Protocol Info
1 232.1 10.1.1.1 10.1.1.2 XXXX DOG
1 232.1 10.1.1.1 10.1.1.2 XXXX CAT
or perhaps
No. Time Source Destination Protocol Info
1 232.1 10.1.1.1 10.1.1.2 XXXX DOG
2 232.1 10.1.1.1 10.1.1.2 XXXX CAT
Basically, how do I allocate and display information to the next row from within my dissector?
Thanks,
Joe
