Hi everybody, i wrote my own lua dissector for packets up to the max size of 1440 Bytes. But I would like to capture bigger data packets (e.g. 12k) which a splittet in smaller packets. Is this possible to write a protocoll which capture more than one packet and put these into one "virtuell" big? If the answer is yes please give me a hint where I can find it or how I can do that. Thanks folks Dennis asked 23 Nov '10, 06:34  modula |
One Answer:
The answer to this may depend on what's splitting the packets. If your protocol is transmitted over TCP, for instance, you can look at http://wiki.wireshark.org/Lua/Dissectors to see how to use the TCP reassembly functions of Wireshark from within a lua dissector. If instead it's over something like UDP, then your protocol handling code will have to do the reassembly. Because your dissector will be called once for each packet, this implies that you'll need to have some persistent storage outside of the dissector routine to "remember" the various packet pieces until you have enough to reassemble. answered 02 Jan '11, 08:22  beroset |
