Re: Question regarding using Taps in Lua

[Jeff Morriss <jeff.morriss.ws () gmail com>]

Holger Freyther wrote:
> Hi all,
>
> I wrote a simple lua script[1] with the intention to split a trace based on
> SCCP connections and then only keep the connections that have shown kind of a
> problem. In general it is working fine but I have one problem. I am missing
> SCCP packets in my trace. I wonder if the following might be an explanation.
> What happens if there are multiple IP packets in one Ethernet frame? Will
> tap:packet be called for each IP packet inside the frame or will I need to
> iterate over the packets from within the tap:packet() call?

Each IP packet is sent to the tap separately, even if there are multiple 
IP packets per frame (at least AFAICS).

But, are you dealing with multiple IP packets per frame or multiple SCTP 
data chunks (and thus M3UA and SCCP packets) per frame?

If the latter, you might be better off tapping higher--maybe at the M3UA 
or SCCP tap.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe