Wireshark-dev: [Wireshark-dev] Dissector question

From: David Arnold <davida@xxxxxxxxx>
Date: Sun, 10 Mar 2013 06:56:30 +0100
Hi all,

I'm writing a dissector for a TCP-based framing protocol which implements application-level sequence numbers by counting received messages.  When a client logs into the server, the login acceptance packet from the server includes the number of the next packet to be delivered, and the client is responsible for counting packets thereafter.  The sequence numbers are only included in the Login Request and Acceptance packets, not in any of the actual data.

I'm trying to figure out the best way to determine and display these sequence numbers in my dissector.

So far, I'm using the standard TCP-based PDU dissecting approach, and I can identify the Login Acceptance packet (when it's processed) to find the first sequence number.  I've tried using a conversation_t to hold information about the initial sequence, but since I need to then increment the sequence number for each PDU received, I cannot simply count frame numbers from there -- it needs to be done after identifying the PDUs.

The best approach I've been able to come up with so far is to walk the dissected tree backwards, looking for the login, but in this protocol it's common to have long-lived sessions with millions of packets, so I'm worried that would cause unacceptable performance.

Any suggestions?

Thanks in advance,



d
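
One way to avoid the backward walk described in the post, shown as an added example (not part of the original message and not Wireshark API code): number each PDU once while PDUs are seen in capture order, and cache the result per PDU, keyed by frame number and byte offset within the frame, so a later out-of-order revisit is a lookup. The type codes, struct names and `pdu_sequence` are hypothetical, since the post does not give the wire format.

```c
#include <stdint.h>
#include <stdlib.h>

enum { PDU_LOGIN_ACCEPT = 1, PDU_DATA = 2 };    /* hypothetical type codes */

struct seq_rec { uint64_t key, seq; };          /* key = frame << 32 | offset */

struct conv_state {                 /* one per TCP conversation */
    int have_seq;                   /* a Login Acceptance has been seen */
    uint64_t next_seq;              /* number the next data PDU will get */
    struct seq_rec *recs;           /* appended in capture order: sorted by key */
    size_t n, cap;
};

/* Revisit path: binary search, O(log n), no walk back to the login. */
static int lookup(const struct conv_state *c, uint64_t key, uint64_t *seq)
{
    size_t lo = 0, hi = c->n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (c->recs[mid].key < key) lo = mid + 1; else hi = mid;
    }
    if (lo == c->n || c->recs[lo].key != key) return 0;
    *seq = c->recs[lo].seq;
    return 1;
}

/* Returns 1 and sets *seq when the PDU has an implied sequence number.
 * first_pass is nonzero only while PDUs arrive in capture order. */
int pdu_sequence(struct conv_state *c, int first_pass, uint32_t frame,
                 uint32_t offset, int type, uint64_t login_next, uint64_t *seq)
{
    uint64_t key = ((uint64_t)frame << 32) | offset;
    if (!first_pass) return lookup(c, key, seq);
    if (type == PDU_LOGIN_ACCEPT) { c->next_seq = login_next; c->have_seq = 1; return 0; }
    if (type != PDU_DATA || !c->have_seq) return 0;  /* login not in capture */
    *seq = c->next_seq++;
    if (c->n == c->cap) {                            /* grow the record table */
        size_t cap = c->cap ? c->cap * 2 : 1024;
        struct seq_rec *r = realloc(c->recs, cap * sizeof *r);
        if (!r) return 1;                            /* numbered, but not cached */
        c->recs = r; c->cap = cap;
    }
    c->recs[c->n++] = (struct seq_rec){ key, *seq };
    return 1;
}
```

Data PDUs seen before any Login Acceptance get no number, which is the case when a capture starts in the middle of a long-lived session.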


