Dissecting ACKs

asked 2018-01-31 14:10:28 +0000

SJB

I’m writing a dissector in C to dissect TCP traffic as my custom protocol. I’m using a heuristic dissector on TCP traffic.

The packets containing the data I need (in the payload) seem to have the PSH and ACK flags and thus the packets do not pass through the dissector.

Am I missing something? Is there a setting or a type of protocol registration I am missing to be able to dissect ACKs as well as normal TCP traffic?


Comments

The ACK flag being set doesn't prevent a TCP segment from being handed to dissectors, and neither does the PSH flag. If your dissector isn't seeing those packets, that might be a bug in the TCP dissector or in your registration of the heuristic dissector.

Guy Harris (2018-01-31 20:47:01 +0000)
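Added example, not part of the original thread and not Wireshark code: a standalone C sketch of the point in the comment above, where a payload heuristic looks only at the bytes after the TCP header and never at the PSH or ACK flags. The `CPRT` magic, the function names and the three segments are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TCP_FLAG_PSH 0x08
#define TCP_FLAG_ACK 0x10

/* Locate the TCP payload from the data-offset field and store its length.
 * Returns NULL for a malformed segment. Flags play no part in this. */
const uint8_t *tcp_payload(const uint8_t *seg, size_t seg_len, size_t *payload_len)
{
    if (seg_len < 20) return NULL;
    size_t hdr_len = (size_t)(seg[12] >> 4) * 4;  /* offset is in 32-bit words */
    if (hdr_len < 20 || hdr_len > seg_len) return NULL;
    *payload_len = seg_len - hdr_len;
    return seg + hdr_len;
}

/* Flags byte of the TCP header (caller must pass at least 20 bytes). */
uint8_t tcp_flags(const uint8_t *seg) { return seg[13]; }

/* Hypothetical heuristic: the custom protocol begins with the magic "CPRT".
 * The decision depends on the payload only. */
int heur_accepts(const uint8_t *seg, size_t seg_len)
{
    size_t n = 0;
    const uint8_t *p = tcp_payload(seg, seg_len, &n);
    return p != NULL && n >= 4 && memcmp(p, "CPRT", 4) == 0;
}

/* Constructed 20-byte header: ports 1234 -> 5000, seq 1, ack 1, offset 5. */
#define HDR(flags) 0x04,0xd2,0x13,0x88, 0,0,0,1, 0,0,0,1, 0x50,(flags), 0xff,0xff, 0,0, 0,0

const uint8_t pure_ack[]       = { HDR(TCP_FLAG_ACK) };  /* no payload */
const uint8_t psh_ack_custom[] = { HDR(TCP_FLAG_PSH | TCP_FLAG_ACK), 'C','P','R','T',0x01 };
const uint8_t psh_ack_other[]  = { HDR(TCP_FLAG_PSH | TCP_FLAG_ACK), 'G','E','T',' ','/' };

int main(void)
{
    printf("pure ACK, flags 0x%02x: %d\n", tcp_flags(pure_ack),
           heur_accepts(pure_ack, sizeof pure_ack));
    printf("PSH|ACK custom, flags 0x%02x: %d\n", tcp_flags(psh_ack_custom),
           heur_accepts(psh_ack_custom, sizeof psh_ack_custom));
    printf("PSH|ACK other, flags 0x%02x: %d\n", tcp_flags(psh_ack_other),
           heur_accepts(psh_ack_other, sizeof psh_ack_other));
    return 0;
}
```

The bare ACK is rejected because it carries zero payload bytes, and the second PSH|ACK segment is rejected because its payload lacks the magic; neither outcome depends on the flags.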