This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi all,

I work on a protocol built on top of HTTP on the port 4321 for example. I have Wireshark 1.4.2

First I register the HTTP protocol for the port 4321 but it seems that HTTP messages are very well reassembled. Often http PDU are reassembled but sometimes not. I read that there are bugs to reassemble HTTP message because it is diffcult to calculate their size.

So, since my HTTP messages are quite simple, I would like to write a dissector that reassemble HTTP messages on the port 4321 and then invoke the original http dissector with the complete message. I tried according to http://wiki.wireshark.org/Lua/Dissectors to write a script that reassemble an HTTP message of size 443. Here is the code:

http_wrapper_proto = Proto("DPWS", "DPWS")

function http_wrapper_proto.dissector(buffer, pinfo, tree) pinfo.cols.protocol = "HTTP-Wrapper"

if (buffer:len() < 443) then
    pinfo.desegment_len = 443 - buffer:len() + 1
    pinfo.desegment_offset = buffer:len()
    return (buffer:len() - 443)
end
    -- Here the message is complete

end

But it does not work. I don't keep in the buffer the data of the previous call as explained in the README.developers.

Anybody can help me to solve the HTTP reassembly bug or the problem in my code?

Thank you in advance.

Sandrine Beauche.

asked 15 Dec '10, 05:52

Sandrine%20Beauche's gravatar image

Sandrine Bea...
16224
accept rate: 0%

edited 15 Dec '10, 05:56

Anybody have any idea??

(16 Dec '10, 00:44) Sandrine Bea...

have you solved the issue? because I'm experiencing similar problems and this might be wireshark lua api bug

(08 Nov '11, 16:43) ShomeaX
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×752
×637
×431
×78

question asked: 15 Dec '10, 05:52

question was seen: 6,286 times

last updated: 08 Nov '11, 17:16

p​o​w​e​r​e​d by O​S​Q​A