
Lua TCP reassembly


Hi all,

I work on a protocol built on top of HTTP on the port 4321 for example. I have Wireshark 1.4.2.

First I register the HTTP protocol for the port 4321 but it seems that HTTP messages are very well reassembled. Often HTTP PDUs are reassembled but sometimes not. I read that there are bugs in reassembling HTTP messages because it is difficult to calculate their size.

So, since my HTTP messages are quite simple, I would like to write a dissector that reassembles HTTP messages on the port 4321 and then invokes the original HTTP dissector with the complete message. I tried according to to write a script that reassembles an HTTP message of size 443. Here is the code:

http_wrapper_proto = Proto("DPWS", "DPWS")

function http_wrapper_proto.dissector(buffer, pinfo, tree)
    pinfo.cols.protocol = "HTTP-Wrapper"

    if (buffer:len() < 443) then
        pinfo.desegment_len = 443 - buffer:len() + 1
        pinfo.desegment_offset = buffer:len()
        return (buffer:len() - 443)
    end
    -- Here the message is complete
end


But it does not work. I don't keep in the buffer the data of the previous call as explained in the README.developers.

Can anybody help me to solve the HTTP reassembly bug or the problem in my code?

Thank you in advance.

Sandrine Beauche.

asked 15 Dec '10, 05:52


Sandrine Bea...

edited 15 Dec '10, 05:56

Anybody have any idea??

(16 Dec '10, 00:44) Sandrine Bea...

Have you solved the issue? Because I'm experiencing similar problems and this might be a Wireshark Lua API bug.

(08 Nov '11, 16:43) ShomeaX
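
An added example, not part of the original thread and not Wireshark's own code: a wrapper dissector for the port 4321 case in the question. It goes beyond the fixed 443-byte case by framing each message from its Content-Length header. In it, `pinfo.desegment_offset` is the offset where the unfinished PDU starts and `pinfo.desegment_len` is the number of bytes still missing. Assumptions: a current Wireshark Lua API (`DESEGMENT_ONE_MORE_SEGMENT`, `tvbrange:tvb()`), no chunked encoding, and the hypothetical names `httpwrap` and `message_length`.

```lua
-- Added example (not the poster's code). Port 4321 comes from the question;
-- the protocol name and the Content-Length-only framing are assumptions.
local wrapper = Proto("httpwrap", "HTTP reassembly wrapper (example)")
local http = Dissector.get("http")

-- Total length (headers + body) of the message at the start of `text`,
-- or nil while the header block is still incomplete.
local function message_length(text)
    local _, hdr_end = text:find("\r\n\r\n", 1, true)
    if not hdr_end then return nil end
    local headers = text:sub(1, hdr_end):lower()
    local body = headers:match("\r\ncontent%-length:[ \t]*(%d+)")
    return hdr_end + (tonumber(body) or 0)   -- no header: treat body as empty
end

function wrapper.dissector(buffer, pinfo, tree)
    local offset, avail = 0, buffer:len()
    while offset < avail do
        local remaining = avail - offset
        local total = message_length(buffer(offset, remaining):string())
        if not total then
            -- Length unknown until the headers are complete: ask the TCP
            -- layer for one more segment, keeping the bytes from `offset`.
            pinfo.desegment_offset = offset
            pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
            return
        end
        if total > remaining then
            -- Length known: request exactly the missing byte count.
            pinfo.desegment_offset = offset
            pinfo.desegment_len = total - remaining
            return
        end
        -- Complete message: hand exactly these bytes to the HTTP dissector.
        http:call(buffer(offset, total):tvb(), pinfo, tree)
        offset = offset + total
    end
end

DissectorTable.get("tcp.port"):add(4321, wrapper)
```

The Content-Length value comes from the captured traffic itself, so a wrong or very large value makes the wrapper keep requesting data for a message that never completes.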