Wireshark mailing list archives

Re: Dissecting a Protocol with multiple static TCP ports


From: Craig Bumpstead <cbumpste () yahoo com au>
Date: Mon, 26 Apr 2010 22:15:01 -0700 (PDT)

Chris,

So you're saying to reassemble the packet then run the dissector again?
Is there a way that I can just specify the TCP Port range with just 2 port numbers?

Regards,
Craig



----- Original Message ----
From: "Maynard, Chris" <Christopher.Maynard () GTECH COM>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Sent: Tue, 27 April, 2010 12:02:02 PM
Subject: Re: [Wireshark-dev] Dissecting a Protocol with multiple static TCP ports

Craig,

You probably need to take a look at tcp_dissect_pdus().  If you're lucky, it'll help you reassemble your TCP stream; if 
not, you might need to write your own TCP reassembly routines.  There are many dissectors that make use of it for 
reassembly and it's documented in section 2.7.1 of README.developer, so hopefully you find plenty of help and examples 
about it.  Assuming that's what you need of course.

- Chris
________________________________________
From: wireshark-dev-bounces () wireshark org [wireshark-dev-bounces () wireshark org] On Behalf Of Craig Bumpstead 
[cbumpste () yahoo com au]
Sent: Monday, April 26, 2010 9:38 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissecting a Protocol with multiple static TCP ports

Bill,

The packets that are not decoded are decoded as TCP packets. So I don't understand why it only decodes the first one. I 
must be making a mistake in the code.

Regards,
Craig




----- Original Message ----
From: Bill Meier <wmeier () newsguy com>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Sent: Tue, 27 April, 2010 11:10:14 AM
Subject: Re: [Wireshark-dev] Dissecting a Protocol with multiple static TCP ports

Craig Bumpstead wrote:
Bill,

Thanks for the quick response. That setting is off.
The first and second packets are TCP port 4435 and 21016 which it decodes.
However from that point on it doesn't decode packets with
TCP port 4435.

I loathe posting my code, but obviously I am making a mistake somewhere.


I don't see anything obviously wrong with the code.

A question: What is actually shown in Wireshark for the packets not
decoded?

Are they decoded as TCP? As some other protocol?



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



