---- Guy Harris <[email protected]> wrote:
>So if there are 250 bytes of BNP data (including:
>msg id;
>information element;
>em id;
>IE cluster;
>IE count;
>IE data;
>more IEs)
>then the count field would have a value of 250 - and the entire
>message would be 253 bytes long, with a 3-byte BNP header and 250
>bytes of BNP data?
No, sorry, any count (BNP, or IE count) is only the data. So if a BNP message
was actually 10 bytes long, the count would be 7.

Also, I've gotten my dissector to work if I don't use Wireshark reassembly;
instead I would send it to my DLL, which would append a buffer and then return
the whole buffer at the end of a multi-message for dissection. However, as I
have just figured out upon getting it to work, I have to select the
start packet of a multi-message first, then work my way down clicking on the
individual packets, or it won't output correctly. So I do indeed need to figure
out how to get Wireshark to reassemble instead of just trying to bypass it.
Thanks,
Greg
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev