Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

The problem has nothing to do with Lua.

It has to do with the capture not having all the packets in the TCP flow from to

Frame 860 has bytes with relative TCP sequence numbers 910601 to 912580 (the starting sequence number is 910601, and the TCP segment has 1980 bytes).

Frame 862 has bytes with relative TCP sequence numbers 913902 to 915189.

So the bytes from 912581 through 913901 are missing from the capture.

If "Allow subdissector to reassemble TCP streams" is on, the attempt to reassemble the RTP packet that begins in frame 860 will fail, causing all subsequent attempts to reassemble RTP packets to fail.

This mean that the RTP dissector won't be called after frame 860; if your Lua dissector is called by the RTP dissector, that means that it won't be called, either.

Unfortunately, there's no way to get Wireshark to give up on trying to reassemble that RTP packet and to start over again trying to reassemble and dissect RTP packets.