I am working with pdml format. I am trying to determine the octets of a frame using the nodes of a frame in pdml (field, proto). sometimes there is a field (filter) called tcp.pdu.size which value is the octets of the payload. Why this filed is not presented always if tcp contains any upper layer protocol? for example if tcp contains http, then tcp.pdu.size not presented, but in case of diameter it is. why does not this node have a hidden attribute? asked 20 Aug '13, 02:34  HiB |
One Answer:
The field is populated if the protocol runing atop of TCP uses tcp_dissect_pdus() metod of doing reassembly (see readme.dissectors 2.7 and 2.7.1). The field isn't hidden as it wouldn't be visible in the GUI if it was and use of hidden fields are generaly discurraged as you would have to know about them to be able to use them. answered 21 Aug '13, 08:20  Anders ♦ |
Thanks! then I need to find another way to able to determine the octets of a packet (I am struggling with padding octets)