This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Reassemble Problem atop UDP

0

hi,

so i am developing a dissector for decoding a specified protocol atop udp. so the whole data is in the pdu of udp.

so i cannot show you the code because of it is not allowed to me!

so i describe.

There was another reassemble problem here in the askings by chris: so i looked and tryed anything but it does not work.

ok, for example there are four packets noticed. these four belong together. so they have an sequence id which i am using in frag_msg for reassembling. More Over in the protocl is specified a msg_number and a total number. in example case these on is 4. so now i want to reassemble these 4 packets with the same sequence id. so i get 4 fragments. YES???

ok my code gets 4 packets but never i see in the info column "Reassembled Message"?

so the packets have some header stuff which i hang on the display tree and after a few steps my reassemble code is used. now in the packet its possible that maybe one block beginning in the first packet has 3000byte. so in the first there are maybe 800 byte i have to decode in the following way. After the header there is a blockinfo with how much byte it does have and so on. If this bytecount is longer than the packet i have to use the payload of the second packet.

so i thought reassembling puts me the wohle rest of every payload of the "linked" packets to this new_tvb and shows "Reassembled message", but this does not work. but for correct decoding i have to get all of these payload in ones because of how i described one block can "overlap" in to the payload of the next package.

so some more information: before reassembling i put the header infos and other stuff to the visible tree in wireshark and after this i reassemble. My whole dissecting code is just in one dissect function? Could this be the problem? Do i have to first reassemble and then calling a new one dissector??

i dont know, 3 weeks of working so hard and i does not have any idea.

One more to reassemble.

How i can make it possible to add links between the fragments that are belonging together, so the first packet should have a link in the dissector tree to the second packet, you know?

so after all, my dissector is written as a plugin it isnt a build in!

sorry for bad englisch

if something missing to understand it completely plz answer also!

plz help me!!!

one thing to add. how can i change the highlight colors in wireshark. so maybe if i have packet of this type i want green backing. is there any possibility to set these colours within the dissector so something like

if message reassembled -> backing color = green

thanks a lot!!!!

asked 15 Dec '11, 07:38

Anthracis's gravatar image

Anthracis
1333
accept rate: 0%

edited 15 Dec '11, 07:47

i had forgotton. my control if more fragments are avaible ist something like this:

msg_number < total_number

so it should work but it doesnt!

(15 Dec '11, 07:40) Anthracis

One Answer:

0

Since we cannot see your code, and your description is 'complex', I would recommend to look at the RTP dissector. It runs on top of UDP and has reassembly build in. You can learn and copy from that.

answered 15 Dec '11, 15:22

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

thx so far i will have a look at

(19 Dec '11, 02:49) Anthracis