Hi, I'm using

tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN, get_foo_message_len, dissect_foo_message)

to reassemble split TCP Packets in my own dissector. However, I cannot get the full TCP packet. In the dissect_foo_message, I do nothing first, just get the full TCP context by using:

data_len = tvb_length(tvb);
sprintf(str, "%s\n", tvb_get_string(tvb, 122, data_len));

The context in str is truncated.

I'm confused, according to the tutorial, I should get the full TCP packet in the dissect_foo_message, right? Help!!

asked 11 Oct '12, 23:56


razygon

closed 15 Oct '12, 07:38


Bill Meier ♦

We'll need to see a bit more of your code. How are you determining the actual length of the PDU in get_foo_message_len() ?

dissect_foo_message() will be handed a tvb of whatever length is returned by get_foo_message_len()

(12 Oct '12, 06:48) Bill Meier ♦

void proto_reg_handoff_dataparse(void)
{
    dataparse_handle = create_dissector_handle(dissect_dataparse, proto_dataparse);
    dissector_add_uint("tcp.port", dataparse_PORT, dataparse_handle);
    /* so the tvb only includes data, no package headers, right? */
}

static guint get_dataparse_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
    /* fixed value, for testing only */
    return 2000;
}

static void dissect_dataparse_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    int data_len;
    guint8 *str;
    FILE *stream;

    /* filename is defined elsewhere in the dissector (not shown in the post) */
    if ((stream = fopen(filename, "a")) == NULL)
        return;

    /* copy only the bytes present in this tvb instead of a hard-coded 2000,
       and let tvb_get_string() size the buffer (the malloc(data_len) buffer
       was too small for the string plus "\n" and the terminating NUL) */
    data_len = tvb_length(tvb);
    str = tvb_get_string(tvb, 0, data_len);   /* g_malloc'd, NUL-terminated copy */
    fprintf(stream, "%s\n", (char *)str);
    g_free(str);
    fclose(stream);
}

(15 Oct '12, 02:54) razygon

Hi Bill, I didn't finish the code; now I'm testing the function tcp_dissect_pdus() to check whether it works. But I try to give specific code in the below comment. Besides that, I have two questions: 1. I cannot get the len in advance, for the protocol didn't give it... is there any other way to get it? 2. For test, I set the return value of get_foo_message_len fixed, like 2000, but the data I get is not consecutive? Confused...

(15 Oct '12, 02:58) razygon

[ This type of discussion is best done on wireshark-dev@wireshark.org mailing list.

So: I'm taking the liberty of "closing" this question in favor of continuing the discussion on wireshark-dev; I'll post a reply shortly on wireshark-dev.

See https://www.wireshark.org/lists/ to subscribe to the list. ]

(15 Oct '12, 07:37) Bill Meier ♦

The question has been closed for the following reason "(Discussion to continue on wireshark-dev mailing list)." by Bill Meier 15 Oct '12, 07:38
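
An added example, not code from this thread or from Wireshark: a simplified stand-alone model of the framing described in the comments, where the length callback decides where each PDU handed to the message dissector begins and ends. The 4-byte header layout, the function names and the sample stream are assumptions constructed for illustration, and the fixed guess of 2000 is scaled down to 8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 4 /* assumed header: 2-byte magic, 2-byte big-endian payload length */
typedef size_t (*get_len_fn)(const uint8_t *hdr);

/* Total PDU length read from the header: the job of get_foo_message_len(). */
static size_t len_from_header(const uint8_t *hdr)
{
    return HDR_LEN + (((size_t)hdr[2] << 8) | hdr[3]);
}

/* A constant guess, like "return 2000" in the thread (scaled down to 8). */
static size_t len_fixed(const uint8_t *hdr) { (void)hdr; return 8; }

/* Cut complete PDUs out of the n stream bytes received so far. Records each
 * PDU's start offset, returns how many are complete, and sets *missing to the
 * bytes still needed before the next PDU could be handed to the dissector. */
static size_t frame_pdus(const uint8_t *buf, size_t n, get_len_fn get_len,
                         size_t *starts, size_t max, size_t *missing)
{
    size_t off = 0, count = 0;
    *missing = 0;
    while (off < n && count < max) {
        size_t avail = n - off, pdu_len;
        if (avail < HDR_LEN) { *missing = HDR_LEN - avail; break; }
        pdu_len = get_len(buf + off);
        if (pdu_len < HDR_LEN) break;            /* bogus length: stop */
        if (avail < pdu_len) { *missing = pdu_len - avail; break; }
        starts[count++] = off;
        off += pdu_len;
    }
    return count;
}

/* Constructed stream: three messages with payloads of 3, 5 and 2 bytes. */
static const uint8_t STREAM[] = {
    0xF0, 0x0D, 0, 3, 'a', 'b', 'c',
    0xF0, 0x0D, 0, 5, 'h', 'e', 'l', 'l', 'o',
    0xF0, 0x0D, 0, 2, 'o', 'k' };

int main(void)
{
    size_t s[8], miss, i, c = frame_pdus(STREAM, sizeof STREAM, len_from_header, s, 8, &miss);
    for (i = 0; i < c; i++) printf("header-length PDU at offset %zu\n", s[i]);
    c = frame_pdus(STREAM, sizeof STREAM, len_fixed, s, 8, &miss);
    for (i = 0; i < c; i++) printf("fixed-length PDU at offset %zu\n", s[i]);
    printf("fixed-length framing still waits for %zu bytes\n", miss);
    return 0;
}
```

With the header-derived length the PDUs start at the real message boundaries (0, 7, 16); with the constant length they start at 0 and 8, so the second PDU begins in the middle of a message and the tail of the stream is held back waiting for more bytes.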
