Jarolin, Robert a écrit :
>
> I discovered what the problem was with the dissection.
> It turns out that "tcp_dissect_pdus" does not work properly if the
> packet(s) have "TCP CHECKSUM INCORRECT"
>
> I took the data (4 packets) that had the data segmented and rebuilt
> the packet header data including the TCP header using text2pcap.
>
> When I tried to dissect these packets (that now had proper TCP
> checksums), my dissector correctly desegmented the data.
> I then edited the packets to just change the TCP checksum and tried
> again. The packets can no longer be desegmented.
>
This is the normal wireshark behavior.
>
> Any ideas what to do about this issue?
>
Turn off "Validate the TCP checksum ..." into Edit / Preferences /
Protocols / TCP.
Olivier
>
> Thanks.
>
> See my original message below:
>
> vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
>
>
> I have a dissector that uses tcp_dissect_pdus that does not seem to be
> doing the job. Please help.
> I have a dump that contains 4 TCP packets that are all related to the
> same message (a total of 4428 bytes).
> The first 3 packets are a length of 1460 bytes and the last 48 bytes
> => 1460 * 3 + 48 = 4428
> When dissection takes place, the desegmentation does not seem to
> properly occur.
>
> Under the TCP portion of the dissection it properly says:
> [PDU Size: 4428]
> But the data available for dissection is only the size of the first
> packet (1460)
>
> What I am doing wrong? Thanks for any help.
>
> Below are excerpts from my dissector:
>
> #define FRAME_HEADER_LEN 4
>
> *static void*
> *dissect_myproto_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree
> *tree)*
> {
> /* Check that there's enough data */
> total_len = tvb_length(tvb);
> printf("Total_len = %u\n", total_len); //* THIS prints 1460*
> .
> // Dissect my data
> .
> }
>
> *static guint*
> *get_myproto_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)*
> {
> guint length = 0;
>
> // myproto message (length is 2 bytes starting at offset 0 * 4)
> length = (guint) ( tvb_get_ntohs( tvb, offset ) * 4 ); // Get the
> length
>
> printf("TOTAL of mesage = %u\n", length); //* This prints 4428*
> return length;
> }
>
>
> /* Code to actually dissect the packets */
> *static void*
> *dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)*
> {
> tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
> get_myproto_message_len, dissect_myproto_message);
> }
>
>
> Confidentiality Notice: This e-mail (including any attachments) is
> intended only for the recipients named above. It may contain
> confidential or privileged information and should not be read, copied
> or otherwise used by any other person. If you are not a named
> recipient, please notify the sender of that fact and delete the e-mail
> from your system.
> ------------------------------------------------------------------------
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
