I am able to reassemble fragments successfully if there is a complete message. However if there are missing fragments my dissector continues to reassemble the next message along with the message that has the missing fragments. I can calculate how many fragments there are supposed to be before I begin reassembly but my first indication that there are missing fragments is when I come across the initial frame for the next fragmented packet. Is there a way that I can tell my reassembly to immediately stop reassembling at the previous fragment and begin a new reassembly at the current initial fragment. Either that or can I look at the next future packet to check if it is the next fragment or an initial fragment to another message? asked 09 Jun '17, 08:58  jpetersen |
One Answer:
The new fragment sequence should be using a new sequence id, so that the original sequence is left unreassembled. answered 09 Jun '17, 10:06  grahamb ♦ |
Thank you that worked.
For anyone facing a similar problem: I didn't have any sequence ID info in the header for the file so I just used the frame number of the initial fragment for my sequence ID.