On Jan 10, 2013, at 5:07 PM, vineeth vijay wrote: > Hi All, > > Has the de-chunking of SCTP within wireshark been attempted yet? I noticed > some old conversations in mailing list in this regard, but nothing concrete > has turned up yet. While trying to do this in tshark, I have tried calling > tshark's process_packet() function from packet-sctp.c file in dissectors but > got nowhere due to linking issues. I feel the way to do this would be: > > 1) Create a global copy of entire frame at initial stage (Is there any other > way to access the entire frame structure from packet-sctp where ultimately > the decision whether to do de-chunking or not would be made. ) > 2) In case there are several chunks in the packet, allow the completion of > processing till first chunk and create composite tvbs consisting of > eth+ip+sctp_header+remaining_individual_chunks. > 3) Correct IP checksums and length in the composite Tvb. > 4) Process these tvb's individuallly. (Is this possible with the rule to have > a single capture file at a time?? Can a capture file structure be modified on > the fly?) > > Is the above process doable without breaking wireshark/tshark processing > structure? Can anybody suggest a better solution... Hi,
what problem are you trying to solve? Wireshark supports dissecting the upper layer paylaod for bundled DATA chunks for ages... Best regards Michael > > Vineeth > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
