This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tcp options dissection


I was wondering if there is some way to do this: 1. To decode the options part of the TCP protocol, or say dissect the options part of the TCP header. 2. Once I decode the options part, get Wireshark to do the rest of the decoding as usual.

There are certain options that Wireshark shows as unknown. These contain some important info which my company has requested me to dissect. Kindly let me know where I should make the change, since packet-tcp.c is very complicated.

asked 27 Mar '11, 06:30


niks3089


One Answer:


You should modify the tcpopts array to add the TCP options in question. See epan/ip_opts.h for the definition of the ip_tcp_opt structure.

If you have any more questions, you should ask them on the wireshark-dev mailing list; see the Wireshark mailing list page for more information.

answered 27 Mar '11, 14:35


Guy Harris ♦♦

Hi. Is there any way we can do this using the Lua dissector? I know I need to use the chained dissector, but will I need to parse the options from the beginning in order to reach the unknown part in the options, or can I jump to the unknown part in the options?

(26 Sep '13, 23:29) Vinay
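
Added example, not from the original thread and not Wireshark's code: TCP options are a sequence of kind/length/value records (kinds 0 and 1 are single bytes), so a given option is located by walking the list from the start and validating each length. `find_tcp_option` and the sample bytes, including the use of experimental kind 253, are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not a Wireshark API: walk the TCP options area and
 * return the offset of the first option of the given kind, or -1 if it is
 * absent or the list is malformed. *out_len gets the option's total length. */
static int find_tcp_option(const uint8_t *opts, size_t n, uint8_t kind,
                           uint8_t *out_len)
{
    size_t off = 0;
    while (off < n) {
        uint8_t k = opts[off];
        if (k == 0)                      /* End of Option List */
            return -1;
        if (k == 1) {                    /* No-Operation: one byte, no length */
            off++;
            continue;
        }
        if (off + 1 >= n)                /* length byte is missing */
            return -1;
        uint8_t len = opts[off + 1];
        if (len < 2 || off + len > n)    /* too short, or runs past the header */
            return -1;
        if (k == kind) {
            *out_len = len;
            return (int)off;
        }
        off += len;                      /* skip this option using its length */
    }
    return -1;
}

/* Constructed sample: MSS, NOP, window scale, NOP, NOP, then a made-up
 * option of experimental kind 253 carrying four data bytes. */
static const uint8_t sample_opts[] = {
    0x02, 0x04, 0x05, 0xb4,  0x01,  0x03, 0x03, 0x07,  0x01, 0x01,
    0xfd, 0x06, 0xde, 0xad, 0xbe, 0xef,
};

int main(void)
{
    uint8_t len = 0;
    int off = find_tcp_option(sample_opts, sizeof sample_opts, 253, &len);
    printf("kind 253 at offset %d, length %u\n", off, (unsigned)len);
    return 0;
}
```

The length checks matter because the options area comes straight from the wire: a length below 2 would loop forever, and one that overruns the header would read past the buffer.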