dissector length

asked 2019-03-24 09:00:48 +0000

BMWE

updated 2019-03-24 11:00:30 +0000


For some custom dissector I have the following situation: (unfortunately, it doesn't allow me to upload a file. @moderators, please assist with that)

I have a message built from submessages. Those submessages have different IDs and lengths. Those submessages do not necessarily exist in each message, and not in the same location. For example:

 - message(Header, submessage1(id1, length1), submessage2(id2, length2),submessage3(id3, length1),...,submessageN(idN, lengthN), Checksum)
 - message(Header, submessage17(id17, length10), submessage3(id3, length1),submessage5(id5, length5),...,submessageN(idN, lengthN),Checksum)

I'd like to write a dissector for that message. The best solution that I see is that I will have a while loop in which it will check the message ID and call the submessage parsing.

I'd be glad if one can give me some hints on the implementation aspect.

Working with LUA dissection

Thank you


You can post a link to your dissector source and any captures.

Most dissectors do something similar, iterate over the packet, reading values and dissecting based on those values. Nothing unusual there.

grahamb ( 2019-03-24 09:39:59 +0000 )

Unfortunately, this is on my internal network (can't get it out). If there are some examples of this, it would be very helpful.

BMWE ( 2019-03-24 09:44:39 +0000 )

1 Answer

answered 2019-03-24 10:57:30 +0000

grahamb

Have a look at the dissect_ip_options function in packet-ip.c.

That starts with an overall options length value, then loops over the options, reading the option length in each iteration and subtracting that from the overall length until there are no options left.

You could create a similar function for submessages, starting with the remaining length of the packet, then in the loop reading the submessage id and length, processing the submessage and going around the loop again (if there are bytes remaining).


Thank you!

Just one comment that I forgot to mention - I'm working with Lua and not C

BMWE ( 2019-03-24 10:59:52 +0000 )

The approach would be similar.

grahamb ( 2019-03-24 12:46:23 +0000 )
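
A Lua version of the loop the answer describes, as an added example that is not part of the original thread or of Wireshark's source. It assumes a 4-byte header, a 1-byte id and 1-byte payload length per submessage, a 2-byte trailing checksum and UDP port 9999, none of which come from the post; each length is checked against the remaining bytes before it is used, so a malformed length is flagged instead of being read past the end of the message.

```lua
-- Added example: field sizes, names and the UDP port are assumptions, not from the post.
local HEADER_LEN, SUB_HDR_LEN, CHECKSUM_LEN = 4, 2, 2

local p = Proto("submsgdemo", "Submessage Demo")
local f_header   = ProtoField.bytes("submsgdemo.header", "Header")
local f_id       = ProtoField.uint8("submsgdemo.sub.id", "ID", base.DEC)
local f_len      = ProtoField.uint8("submsgdemo.sub.len", "Length", base.DEC)
local f_payload  = ProtoField.bytes("submsgdemo.sub.payload", "Payload")
local f_checksum = ProtoField.uint16("submsgdemo.checksum", "Checksum", base.HEX)
p.fields = { f_header, f_id, f_len, f_payload, f_checksum }

local e_bad = ProtoExpert.new("submsgdemo.bad_length", "Submessage length exceeds remaining bytes",
                              expert.group.MALFORMED, expert.severity.ERROR)
p.experts = { e_bad }

-- Per-id decoders (hypothetical ids); ids without an entry are shown as raw payload.
local function raw_payload(range, tree) tree:add(f_payload, range) end
local decoders = {
    [3] = function(range, tree) tree:add(f_payload, range):append_text(" [id 3 decoder]") end,
}

function p.dissector(tvb, pinfo, tree)
    local total = tvb:len()
    if total < HEADER_LEN + CHECKSUM_LEN then return 0 end
    pinfo.cols.protocol = "SUBMSG"
    local root = tree:add(p, tvb())
    root:add(f_header, tvb(0, HEADER_LEN))

    local offset, limit = HEADER_LEN, total - CHECKSUM_LEN  -- submessages end before the checksum
    while offset < limit do
        local remaining = limit - offset
        -- Validate before reading: the id/length pair must fit, and so must the payload.
        if remaining < SUB_HDR_LEN or tvb(offset + 1, 1):uint() > remaining - SUB_HDR_LEN then
            root:add_tvb_expert_info(e_bad, tvb(offset, remaining))
            break
        end
        local id, len = tvb(offset, 1):uint(), tvb(offset + 1, 1):uint()
        local sub = root:add(tvb(offset, SUB_HDR_LEN + len), "Submessage " .. id)
        sub:add(f_id, tvb(offset, 1))
        sub:add(f_len, tvb(offset + 1, 1))
        local decode = decoders[id] or raw_payload
        if len > 0 then decode(tvb(offset + SUB_HDR_LEN, len), sub) end
        offset = offset + SUB_HDR_LEN + len  -- advances by at least SUB_HDR_LEN, so the loop ends
    end
    root:add(f_checksum, tvb(limit, CHECKSUM_LEN))  -- displayed only; algorithm not given in the post
    return total
end

DissectorTable.get("udp.port"):add(9999, p)
```

If the length field in the real protocol also counts the id and length bytes, reject any value smaller than `SUB_HDR_LEN`, otherwise a zero length would keep the offset from advancing.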
