I work on a protocol built on top of HTTP on the port 4321 for example. I have Wireshark 1.4.2
First I register the HTTP protocol for the port 4321 but it seems that HTTP messages are very well reassembled. Often http PDU are reassembled but sometimes not. I read that there are bugs to reassemble HTTP message because it is diffcult to calculate their size.
So, since my HTTP messages are quite simple, I would like to write a dissector that reassemble HTTP messages on the port 4321 and then invoke the original http dissector with the complete message. I tried according to http://wiki.wireshark.org/Lua/Dissectors to write a script that reassemble an HTTP message of size 443. Here is the code:
http_wrapper_proto = Proto("DPWS", "DPWS")
function http_wrapper_proto.dissector(buffer, pinfo, tree) pinfo.cols.protocol = "HTTP-Wrapper"
But it does not work. I don't keep in the buffer the data of the previous call as explained in the README.developers.
Anybody can help me to solve the HTTP reassembly bug or the problem in my code?
Thank you in advance.
asked 15 Dec '10, 05:52
edited 15 Dec '10, 05:56