Lars Friedrichs wrote: > thanks for your reply. I know that the protocol is really misbehaving in > several ways but I am not the one who wrote it nor the one who may > change it. But from your answer I can conclude that it is not possible > to do so?!
Yes. Is the implementation of the protocol assuming that the only other implementations of the protocol with which it exchanges packets assigns the identification field in such a fashion as not to put arbitrary values into the IP identification field? And, therefore, is it assuming that, for example, this will cause no problems if any routers between the source and destination fragment any packets? If so, then the designer of the protocol really needs to study RFC 791 until their eyeballs bleeed. If you really need to dissect such an utterly broken protocol, you could try adding to the IP dissector code to have an "ip.id" dissector table. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
