Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Lua dissector on 2 packets

Hello

I've a protocol that contain messages that may be split over 2 packets. Any suggestion and example on how to implement this would be appreciated.

Lua dissector on 2 packets

Hello

I've a protocol that contain messages that may be split over 2 packets. Any suggestion and example on how to implement this would be appreciated.

Lua LUA wireshark dissector on - combine data from 2 UDP packets

(21.9 - complete question revision) Hello

I have fixed size (lets say 100) protocol, based on the UDP. The protocol contains the header which indicates where the first complete sub-message is located (location 5 in the buffer). Sub-messages starts at location 10 and may vary in sizes.

Also, following scenario may occur.

Packet contains some some sub-messages where each one of them is dealt separately. However, it maybe that one of the sub-messages will be greater than the rest of the whole packet length (lets say that this sub-message length is starting at location 95 and its length is 12 bytes) and therefore the sub-message would be split into 2 packets as shown below - first part would be in packet x (5 bytes) and the rest in packet x+1 (7 bytes). In such case, in message x+1 first sub-message location indicator will be 17 instead of 10.

Any way, as the sub-message N is split, my applicative SW can't handle till the whole sub-message would be available and therefore I'd like to dissect packet N (N1+N2) in packet x+1.

Currently I have a dissector which can handle packets where the sub-message is not filling the whole buffer (i.e. sub-messages are less than 100 Bytes) or in case of packet x, it will parse only the 5 bytes. in case of packet x+1, it will start with sub-message 1 and will skip the N2.

I need some assistance with implementing the combining N1 with packet x+1 (except the header) so that it can be processed accordingly. I've a protocol found that contain messages that may be split over 2 packets. Any suggestion and I have to use the ByteArray to store the data between packet x and x+1 but getting lost with the implementation. Some code example on how to implement this with explanations would be appreciated.appropriated.

LUA wireshark dissector - combine data from 2 UDP packets

(21.9 - complete question revision) revision)

Hello

I have fixed size (lets say 100) protocol, based on the UDP. The protocol contains the header which indicates where the first complete sub-message is located (location 5 in the buffer). Sub-messages starts at location 10 and may vary in sizes.

Also, following scenario may occur.

Packet contains some some sub-messages where each one of them is dealt separately. However, it maybe that one of the sub-messages will be greater than the rest of the whole packet length (lets say that this sub-message length is starting at location 95 and its length is 12 bytes) and therefore the sub-message would be split into 2 packets as shown below - first part would be in packet x (5 bytes) and the rest in packet x+1 (7 bytes). In such case, in message x+1 first sub-message location indicator will be 17 instead of 10.

Any way, as the sub-message N is split, my applicative SW can't handle till the whole sub-message would be available and therefore I'd like to dissect packet N (N1+N2) in packet x+1.

Currently I have a dissector which can handle packets where the sub-message is not filling the whole buffer (i.e. sub-messages are less than 100 Bytes) or in case of packet x, it will parse only the 5 bytes. in case of packet x+1, it will start with sub-message 1 and will skip the N2.

I need some assistance with implementing the combining N1 with packet x+1 (except the header) so that it can be processed accordingly. I've found that I have to use the ByteArray to store the data between packet x and x+1 but getting lost with the implementation. Some code example with explanations would be appropriated.

LUA wireshark dissector - combine data from 2 UDP packets

(21.9 - complete question revision)

Hello

I have fixed size (lets say 100) protocol, based on the UDP. The protocol contains the header which indicates where the first complete sub-message is located (location 5 in the buffer). Sub-messages starts at location 10 and may vary in sizes.

Also, following scenario may occur.

Packet contains some some sub-messages where each one of them is dealt separately. However, it maybe that one of the sub-messages will be greater than the rest of the whole packet length (lets say that this sub-message length is starting at location 95 and its length is 12 bytes) and therefore the sub-message would be split into 2 packets as shown below - first part would be in packet x (5 bytes) and the rest in packet x+1 (7 bytes). In such case, in message x+1 first sub-message location indicator will be 17 instead of 10.

Protocol Structure

Any way, as the sub-message N is split, my applicative SW can't handle till the whole sub-message would be available and therefore I'd like to dissect packet N (N1+N2) in packet x+1.

Currently I have a dissector which can handle packets where the sub-message is not filling the whole buffer (i.e. sub-messages are less than 100 Bytes) or in case of packet x, it will parse only the 5 bytes. in case of packet x+1, it will start with sub-message 1 and will skip the N2.

I need some assistance with implementing the combining N1 with packet x+1 (except the header) so that it can be processed accordingly. I've found that I have to use the ByteArray to store the data between packet x and x+1 but getting lost with the implementation. Some code example with explanations would be appropriated.

LUA wireshark dissector - combine data from 2 UDP packets

(21.9 - complete question revision)

Hello

I have fixed size (lets say 100) protocol, based on the UDP. The protocol contains the header which indicates where the first complete sub-message is located (location 5 in the buffer). Sub-messages starts at location 10 and may vary in sizes.

Also, following scenario may occur.

Packet contains some some sub-messages where each one of them is dealt separately. However, it maybe that one of the sub-messages will be greater than the rest of the whole packet length (lets say that this sub-message length is starting at location 95 and its length is 12 bytes) and therefore the sub-message would be split into 2 packets as shown below - first part would be in packet x (5 bytes) and the rest in packet x+1 (7 bytes). In such case, in message x+1 first sub-message location indicator will be 17 instead of 10.

Protocol Structure

Any way, as the sub-message N is split, my applicative SW can't handle till the whole sub-message would be available and therefore I'd like to dissect packet N (N1+N2) in packet x+1.

Currently I have a dissector which can handle packets where the sub-message is not filling the whole buffer (i.e. sub-messages are less than 100 Bytes) or in case of packet x, it will parse only the 5 bytes. in case of packet x+1, it will start with sub-message 1 and will skip the N2.

I need some assistance with implementing the combining N1 with packet x+1 (except the header) so that it can be processed accordingly. I've found that I have to use the ByteArray to store the data between packet x and x+1 but getting lost with the implementation. Some code example with explanations would be appropriated.

LUA wireshark dissector - combine data from 2 UDP packets

(21.9 - complete question revision)

Hello

I have fixed size (lets say 100) protocol, based on the UDP. The protocol contains the header which indicates where the first complete sub-message is located (location 5 in the buffer). Sub-messages starts at location 10 and may vary in sizes.

Also, following scenario may occur.

Packet contains some some sub-messages where each one of them is dealt separately. However, it maybe that one of the sub-messages will be greater than the rest of the whole packet length (lets say that this sub-message length is starting at location 95 and its length is 12 bytes) and therefore the sub-message would be split into 2 packets as shown below - first part would be in packet x (5 bytes) and the rest in packet x+1 (7 bytes). In such case, in message x+1 first sub-message location indicator will be 17 instead of 10.

Protocol StructureProtocol Structure

Any way, as the sub-message N is split, my applicative SW can't handle till the whole sub-message would be available and therefore I'd like to dissect packet N (N1+N2) in packet x+1.

Currently I have a dissector which can handle packets where the sub-message is not filling the whole buffer (i.e. sub-messages are less than 100 Bytes) or in case of packet x, it will parse only the 5 bytes. in case of packet x+1, it will start with sub-message 1 and will skip the N2.

I need some assistance with implementing the combining N1 with packet x+1 (except the header) so that it can be processed accordingly. I've found that I have to use the ByteArray to store the data between packet x and x+1 but getting lost with the implementation. Some code example with explanations would be appropriated.