This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

dissector for encapsulated tcp option data

0

Hi,

I'm writing a post-dissector, to process some bespoke TCP options.

I'm having problems processing the TCP options where the TCP packet is encapsulated. Since TVB is the full buffer, I just want the offset of the TCP.OPTIONS?

and process that!

Or even better, how can I just take the tcp.options userdata and process that? I have to iterate over the TCP option data, as there can be many OPTIONS.

Thanks

asked 25 Mar '14, 07:33

JamesM


One Answer:

1

How about using the "tcp.options" Field to get just the ByteArray of the TCP options?

Like so:

    local myproto = Proto("MyTcpOpts","Fake proto example to get at TCP options")

    local tcp_opts = Field.new("tcp.options")

    function myproto.dissector(tvb,pinfo,tree)
        local tcp_opt_finfo = tcp_opts()
        if tcp_opt_finfo then
            local bytearray = tcp_opt_finfo()
            print("opts bytes length =" .. bytearray:len())
            print("opts bytes in hex =" .. tostring(bytearray))

            -- do stuff to tcp options here

        else
            print("no tcp options")
        end
    end

    register_postdissector(myproto)

answered 25 Mar '14, 11:09

Hadriel

Thanks for the response :)

I did try this, but had "newbie" issues manipulating the ByteArray.

Will give it another go!

(04 Apr '14, 15:16) JamesM
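
Added example (not part of the original answer or comments): one way to iterate over the option list in the ByteArray that the answer's "tcp.options" Field returns, with length checks so a malformed option cannot run the walk past the end of the buffer, and collecting every "tcp.options" occurrence so encapsulated TCP headers are covered too. The names tcpoptwalk, walk_options and BESPOKE_KIND are assumptions; 253 is an experimental option kind standing in for the bespoke one.

```lua
-- Added example, not from the original answer. Assumed names: "tcpoptwalk",
-- walk_options, BESPOKE_KIND (253 is an experimental kind used as a placeholder).
local walker = Proto("tcpoptwalk", "TCP option walk (added example)")
local tcp_opts = Field.new("tcp.options")
local BESPOKE_KIND = 253

-- Split a ByteArray of TCP options into {kind, len, data} entries.
-- Returns the entries parsed so far plus an error string if malformed.
local function walk_options(bytes)
    local opts, i, total = {}, 0, bytes:len()    -- ByteArray indices are 0-based
    while i < total do
        local kind = bytes:get_index(i)
        if kind == 0 then break end               -- End of Option List
        if kind == 1 then                         -- NOP: single byte, no length
            i = i + 1
        else
            if i + 1 >= total then return opts, "truncated option header" end
            local len = bytes:get_index(i + 1)    -- length includes kind + length bytes
            if len < 2 or i + len > total then
                return opts, "bad length " .. len .. " for kind " .. kind
            end
            local data = len > 2 and bytes:subset(i + 2, len - 2) or nil
            opts[#opts + 1] = { kind = kind, len = len, data = data }
            i = i + len
        end
    end
    return opts, nil
end

function walker.dissector(tvb, pinfo, tree)
    -- tcp_opts() returns one FieldInfo per TCP header with options in the frame;
    -- with encapsulation there can be more than one, so collect them all.
    local finfos = { tcp_opts() }
    if #finfos == 0 then return end
    -- tvb() is only an anchor here; the items do not highlight the option bytes.
    local subtree = tree:add(walker, tvb(), "TCP option walk")
    for n, finfo in ipairs(finfos) do
        local opts, err = walk_options(finfo())
        for _, opt in ipairs(opts) do
            if opt.kind == BESPOKE_KIND and opt.data then
                subtree:add(tvb(), "TCP header #" .. n .. ": kind " .. opt.kind ..
                    " data " .. tostring(opt.data))
            end
        end
        if err then subtree:add(tvb(), "TCP header #" .. n .. ": " .. err) end
    end
end

register_postdissector(walker)
```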