Dealing with Fragmentation/Reassembly

asked 2020-11-20 07:54:28 +0000

mrhee2u

I've got a custom protocol that supports fragmentation and allows out-of-order reassembly. This is natively supported on IPv4, and I want to do a reassembly similar to how Analyze/Follow/TCP streams are done. Would this be difficult to hook into a Wireshark dissector, or will I need to get more into the source code to be able to program this?

1 Answer

answered 2020-11-20 08:53:28 +0000

grahamb

See README.dissector in the source tree; Sect. 2.7 discusses reassembly and 2.7.1 discusses reassembly for protocols that aren't running on top of TCP.

Yes, you will have to get into the source code to fix this and it's one of the more complicated dissector areas.

Thanks for the feedback. I already have an idea how to write it from scratch. It looks like it will just be easier to write my own tool than to go through trying to get up to speed on the Wireshark code.

mrhee2u (2020-11-20 09:20:23 +0000)

The Wireshark code is closely coupled to dissectors and so isn't suitable for external use.

grahamb (2020-11-20 09:33:55 +0000)
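
For readers weighing the stand-alone route discussed above, here is an added example (not from this thread and not Wireshark code) of an out-of-order reassembler that bounds memory and records conflicting or inconsistent fragments instead of silently overwriting. The header fields `msg_id`, `index` and `more`, and both size caps, are assumptions made for illustration.

```python
# Added example: stand-alone out-of-order fragment reassembler.
# Hypothetical fragment header fields: msg_id, index (0-based), more (bool).
MAX_FRAGS = 64       # assumed cap on fragments per message
MAX_PENDING = 1024   # assumed cap on incomplete messages held in memory


class Reassembler:
    def __init__(self):
        self.parts = {}      # msg_id -> {index: payload}
        self.last = {}       # msg_id -> index of final fragment, once seen
        self.rejected = []   # (msg_id, index, reason), kept for review

    def _reject(self, msg_id, index, reason):
        self.rejected.append((msg_id, index, reason))
        return None

    def add(self, msg_id, index, more, payload):
        """Feed one fragment; return the whole message when complete, else None."""
        if not 0 <= index < MAX_FRAGS:
            return self._reject(msg_id, index, "index out of range")
        if msg_id not in self.parts and len(self.parts) >= MAX_PENDING:
            return self._reject(msg_id, index, "too many pending messages")
        got = self.parts.setdefault(msg_id, {})
        last = self.last.get(msg_id)
        if index in got:
            # Identical retransmission is ignored; differing data is ambiguous,
            # so the first copy is kept and the conflict is recorded.
            if got[index] != payload:
                self._reject(msg_id, index, "conflicting duplicate")
            return None
        if last is not None and (index > last or not more):
            return self._reject(msg_id, index, "inconsistent with final fragment")
        if not more:
            if any(i > index for i in got):
                return self._reject(msg_id, index, "final index below stored fragment")
            last = self.last[msg_id] = index
        got[index] = payload
        if last is not None and len(got) == last + 1:
            del self.parts[msg_id], self.last[msg_id]
            return b"".join(got[i] for i in range(last + 1))
        return None


# Constructed sample: one message split in three, delivered out of order,
# with one conflicting duplicate of fragment 0.
def demo():
    r = Reassembler()
    frames = [(7, 2, False, b"ld"), (7, 0, True, b"hello "),
              (7, 0, True, b"HELLO "), (7, 1, True, b"wor")]
    return [r.add(*f) for f in frames], r.rejected
```

A tool built on this would also need to age out incomplete messages, which the sketch leaves to the caller.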


Last updated: Nov 20 '20