 | 1 | initial version |
TLDR: it's probably easier to read this section in the Developers Guide.
First off, it's important to realise that TCP is a stream transport, so simply a continues flow of bytes. Any structure has to be defined by the protocol layer on top of TCP using this stream transport. The dissector for this protocol can make use of some simple facilities provided by the TCP dissector to handle these TCP segments. It has to provide a function which can tell the TCP dissector how many bytes it needs for a PDU, and the TCP dissector takes care of the rest. Once the TCP dissector has collected enough bytes from the incoming TCP transport it hands the requested size of bytes to this protocol dissector on top and keeps the rest (if any) for the next PDU to be handed over.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
