Wireshark-users: [Wireshark-users] Achieving TCP reassembly with a Lua dissector

From: "martin cowie" <treacleminer@xxxxxxxxx>
Date: Wed, 22 Oct 2008 15:44:41 +0100

Assembled Wiresharks (pun intended),

I have drawn together a protocol dissector in Lua in under a day, and
much have I been impressed with it.

TCP reassembly is proving tricky though. The Wiki page tells me that I
may return a negative number from my_whizzo_proto.dissector() to
instruct Wireshark to retrieve that (positive) number of bytes from
the TCP stream and call the dissector again, but this doesn't bear out
in practice.

Can anyone point me at a working example?

I'm using Wireshark Version 1.0.4 (SVN Rev 26501) on Win2K.

Many many Thanks,

Martin
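
A sketch of TCP reassembly in a Lua dissector, added here as an example and not part of the original post or of Wireshark's own code: it requests more data through `pinfo.desegment_len` and `pinfo.desegment_offset` rather than through the negative return value described above. It is written against the current Wireshark Lua API and has not been checked on 1.0.4. The protocol name `whizzo`, the framing (4-byte big-endian length, then payload), port 7777 and the size cap are all assumptions.

```lua
-- Hypothetical framing: 4-byte big-endian payload length, then the payload.
local whizzo = Proto("whizzo", "Whizzo Example Protocol")
local f_len  = ProtoField.uint32("whizzo.length", "Payload length", base.DEC)
local f_data = ProtoField.bytes("whizzo.payload", "Payload")
whizzo.fields = { f_len, f_data }

local HEADER_LEN  = 4
local MAX_PAYLOAD = 1024 * 1024  -- assumed cap; the length field is untrusted input

function whizzo.dissector(tvb, pinfo, tree)
    local avail  = tvb:len()
    local offset = 0
    -- One TCP segment may carry several PDUs, or only part of one.
    while offset < avail do
        local remaining = avail - offset
        if remaining < HEADER_LEN then
            -- Header is split across segments: ask for the next segment.
            pinfo.desegment_offset = offset
            pinfo.desegment_len    = DESEGMENT_ONE_MORE_SEGMENT
            return
        end
        local payload_len = tvb(offset, HEADER_LEN):uint()
        if payload_len > MAX_PAYLOAD then
            -- Implausible length: stop instead of asking TCP to buffer it.
            return offset
        end
        local pdu_len = HEADER_LEN + payload_len
        if remaining < pdu_len then
            -- Body is incomplete: ask for exactly the missing byte count.
            pinfo.desegment_offset = offset
            pinfo.desegment_len    = pdu_len - remaining
            return
        end
        pinfo.cols.protocol = "WHIZZO"
        local subtree = tree:add(whizzo, tvb(offset, pdu_len))
        subtree:add(f_len, tvb(offset, HEADER_LEN))
        if payload_len > 0 then
            subtree:add(f_data, tvb(offset + HEADER_LEN, payload_len))
        end
        offset = offset + pdu_len
    end
    return offset
end

-- Port number is a placeholder for this example.
DissectorTable.get("tcp.port"):add(7777, whizzo)
```

Reassembly only happens when the TCP preference "Allow subdissector to reassemble TCP streams" is enabled.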