I am writing a dissector of a non-stateless protocol atop TCP. Suppose that there are multiple TCP streams with the same addr1/port1 and addr2/port2 pair, and that I want to assign each one a separate conversation. How do I distinguish them within my dissecting context? Any guidance will be appreciated. Thanks.
asked 27 Sep '15, 19:22 Peng Zheng
One Answer:
I guess you can use the tcp.stream index. It's counted up for each new conversation using the same 5-tuple. See also https://blog.packet-foo.com/2015/05/port-numbers-reused/
answered 27 Sep '15, 19:24 Jasper ♦♦
"assign each one a separate conversation": TCP already does it (creates the conversation) for me, so all I have to do is check whether per-conversation data for my own protocol exists and, if not, create it and add it to the conversation. Right?
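
The pattern discussed in this thread, as an added example that is not part of the original posts and is not Wireshark source: a simplified, self-contained C model in which a reused address/port pair gets a new stream index and protocol state is attached to each stream once. All type and function names are hypothetical, and the rule that a bare SYN with a different initial sequence number opens a new stream is the model's assumption about how port reuse is detected.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not Wireshark source; every name here is hypothetical. */
typedef struct { uint32_t a1, a2; uint16_t p1, p2; } tuple_t;
typedef struct { int msgs_seen; } my_state_t;   /* per-stream protocol state */
typedef struct {
    tuple_t key;
    uint32_t base_seq, stream;  /* first seq seen; stream plays the role of tcp.stream */
    my_state_t *proto_data;     /* NULL until the dissector attaches its state */
} conv_t;
#define MAX_CONV 16
static conv_t convs[MAX_CONV];
static uint32_t n_conv;

static int same_tuple(const tuple_t *x, const tuple_t *y) { /* either direction */
    return (x->a1 == y->a1 && x->p1 == y->p1 && x->a2 == y->a2 && x->p2 == y->p2) ||
           (x->a1 == y->a2 && x->p1 == y->p2 && x->a2 == y->a1 && x->p2 == y->p1);
}

/* Newest conversation for the tuple; a bare SYN whose sequence number differs
 * from base_seq means the ports were reused, so a new stream is opened. */
static conv_t *find_or_create_conv(tuple_t t, int bare_syn, uint32_t seq) {
    conv_t *c = NULL;
    for (uint32_t i = 0; i < n_conv; i++)
        if (same_tuple(&convs[i].key, &t)) c = &convs[i];
    if (c && !(bare_syn && seq != c->base_seq)) return c;
    if (n_conv == MAX_CONV) return NULL;
    convs[n_conv] = (conv_t){ t, seq, n_conv, NULL };
    return &convs[n_conv++];
}

/* Per-packet step: attach state on first sight, then reuse it. Returns stream or -1. */
static int dissect_packet(tuple_t t, int bare_syn, uint32_t seq) {
    conv_t *c = find_or_create_conv(t, bare_syn, seq);
    if (!c) return -1;
    if (!c->proto_data && !(c->proto_data = calloc(1, sizeof *c->proto_data))) return -1;
    c->proto_data->msgs_seen++;
    return (int)c->stream;
}
static int msgs_for_stream(uint32_t s) {
    return (s < n_conv && convs[s].proto_data) ? convs[s].proto_data->msgs_seen : 0;
}

int main(void) { /* constructed sample: same 4-tuple, two different initial sequence numbers */
    tuple_t t = {0x0a000001, 0x0a000002, 40000, 9000};
    int first = dissect_packet(t, 1, 1000), second = dissect_packet(t, 1, 77777);
    printf("streams: %d %d, msgs on stream 0: %d\n", first, second, msgs_for_stream(0));
    return 0;
}
```

In a real dissector the corresponding Wireshark calls are find_or_create_conversation(), conversation_get_proto_data() and conversation_add_proto_data(), with the state allocated in file scope so it lives as long as the capture.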