
Wireshark-dev: Re: [Wireshark-dev] Dissector question

From: Evan Huus <eapache@xxxxxxxxx>
Date: Sun, 10 Mar 2013 12:13:45 -0400
On Sun, Mar 10, 2013 at 12:56 AM, David Arnold <davida@xxxxxxxxx> wrote:
> Hi all,
>
> I'm writing a dissector for a TCP-based framing protocol which implements application-level sequence numbers by counting received messages.  When a client logs into the server, the login acceptance packet from the server includes the number of the next packet to be delivered, and the client is responsible for counting packets thereafter.  The sequence numbers are only included in the Login Request and Acceptance packets, not in any of the actual data.
>
> I'm trying to figure out the best way to determine and display these sequence numbers in my dissector.
>
> So far, I'm using the standard TCP-based PDU dissecting approach, and I can identify the Login Acceptance packet (when it's processed) to find the first sequence number.  I've tried using a conversation_t to hold information about the initial sequence, but since I need to then increment the sequence number for each PDU received, I cannot simply count frame numbers from there -- it needs to be done after identifying the PDUs.

I'm not sure I follow this. Can't you simply store the most recent
sequence number in the conversation struct, and increment it for each
PDU received?

Evan
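
The per-PDU counting discussed in this thread, as an added example that is not part of either message and not Wireshark code. Wireshark dissects a frame again, in arbitrary order, whenever it is selected or filtered, so the counter may only advance on the first pass and each PDU's number has to be remembered for later passes. The model is stand-alone and all of its names are hypothetical: in a real dissector `conv_state` would hang off the `conversation_t`, `first_pass` would come from the frame's visited flag, and the PDU table would be per-packet data (`p_add_proto_data()`).

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-alone model; every name here is hypothetical, not Wireshark API. */
#define MAX_PDUS 64

typedef struct {
    uint32_t frame;    /* frame the PDU starts in */
    uint32_t offset;   /* PDU start offset inside that frame */
    uint64_t seq;      /* sequence number assigned on the first pass */
} pdu_record;

typedef struct {
    int        have_seq;        /* Login Acceptance seen on this connection */
    uint64_t   next_seq;        /* number of the next PDU to be delivered */
    pdu_record pdus[MAX_PDUS];  /* what was decided for each PDU */
    size_t     n_pdus;
} conv_state;

/* Login Acceptance carries the number of the next packet to be delivered. */
void on_login_accept(conv_state *cs, int first_pass, uint64_t next_seq)
{
    if (!first_pass)
        return;                 /* re-dissection must not reset the counter */
    cs->have_seq = 1;
    cs->next_seq = next_seq;
}

/* Data PDU: returns 1 and fills *seq when the number is known, else 0. */
int on_data_pdu(conv_state *cs, int first_pass,
                uint32_t frame, uint32_t offset, uint64_t *seq)
{
    if (first_pass) {
        if (!cs->have_seq || cs->n_pdus == MAX_PDUS)
            return 0;           /* no login seen yet, or table full */
        pdu_record *r = &cs->pdus[cs->n_pdus++];
        r->frame = frame;
        r->offset = offset;
        r->seq = cs->next_seq++;  /* the only place the counter moves */
        *seq = r->seq;
        return 1;
    }
    for (size_t i = 0; i < cs->n_pdus; i++) {
        if (cs->pdus[i].frame == frame && cs->pdus[i].offset == offset) {
            *seq = cs->pdus[i].seq;
            return 1;
        }
    }
    return 0;
}
```

Keying the record on frame number plus offset is what lets several PDUs in one TCP segment each keep their own number.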