Ask Your Question

Dissect tcp packet with 0 length

asked 2019-08-21 21:39:17 +0000


I'm writing a packet dissector and would like to dissect TCP packets with zero length (ACK only packets). I would like to do this to add additional information to the packet info column. I'm able to do this with other TCP packets with my dissector, but it seems as if the 0 length TCP packets are never passed off to other dissectors. Is this correct? Is there any way I can get those packets passed on to my dissector?


edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2019-08-21 22:02:44 +0000

Jaap gravatar image

As a general concept, without further data in the packet no upper layer dissector is called. This means that non-data carrying TCP packets also do not hand off an empty data block to the application layer dissectors.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2019-08-21 21:39:17 +0000

Seen: 297 times

Last updated: Aug 21 '19