
Dealing with Fragmentation/Reassembly

I've got a custom protocol that supports fragmentation and allows out-of-order reassembly. This is natively supported on IPv4, and I want to do a reassembly similar to how Analyze/Follow/TCP streams are done. Would this be difficult to hook into a Wireshark dissector, or will I need to get more into the source code to be able to program this?

mrhee2u
asked 2020-11-20 07:54:28 +0000

1 Answer

See README.dissector in the source tree; Sect. 2.7 discusses reassembly and 2.7.1 discusses reassembly for protocols that aren't running on top of TCP.

Yes, you will have to get into the source code to fix this and it's one of the more complicated dissector areas.

grahamb
answered 2020-11-20 08:53:28 +0000

Comments

Thanks for the feedback. I already have an idea how to write it from scratch. It looks like it will just be easier to write my own tool than to go through trying to get up to speed on the Wireshark code.

mrhee2u (2020-11-20 09:20:23 +0000)

The Wireshark code is closely coupled to dissectors and so isn't suitable for external use.

grahamb (2020-11-20 09:33:55 +0000)
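
Added example, not part of the thread and not Wireshark code: a stand-alone out-of-order reassembler of the kind the asker describes writing. The IPv4-style fragment fields (`msg_id`, byte `offset`, `more` flag), the two size limits and the sample fragments are assumptions made for illustration; conflicting overlaps are rejected rather than merged, so the tool never has to guess which copy of a byte the receiver kept.

```python
MAX_MESSAGE = 65535   # assumed cap on one reassembled message, in bytes
MAX_PENDING = 64      # assumed cap on messages being reassembled at once


class Reassembler:
    """Out-of-order reassembly of (msg_id, offset, more, payload) fragments."""

    def __init__(self):
        self.chunks = {}   # msg_id -> {offset: payload}
        self.total = {}    # msg_id -> full length, known once the last fragment arrives

    def add(self, msg_id, offset, more, payload):
        """Feed one fragment. Returns the whole message once every byte is
        present, otherwise None. Raises ValueError on a bad fragment."""
        end = offset + len(payload)
        if not payload or offset < 0 or end > MAX_MESSAGE:
            raise ValueError("fragment out of bounds")
        if msg_id not in self.chunks and len(self.chunks) >= MAX_PENDING:
            raise ValueError("too many messages in flight")
        have = self.chunks.get(msg_id, {})
        total = self.total.get(msg_id)

        # Validate completely before changing any state.
        if have.get(offset) == payload:
            return None                       # same offset and bytes: retransmission
        for o, data in have.items():
            if o < end and offset < o + len(data):
                raise ValueError("overlapping fragment")
        if more and total is not None and end >= total:
            raise ValueError("data at or past the declared end")
        if not more:
            if total is not None or any(o + len(d) > end for o, d in have.items()):
                raise ValueError("conflicting final fragment")
            total = end

        self.chunks.setdefault(msg_id, {})[offset] = payload
        if total is None:
            return None                       # final fragment not seen yet
        self.total[msg_id] = total
        held = self.chunks[msg_id]
        if sum(map(len, held.values())) != total:
            return None                       # holes remain
        del self.chunks[msg_id], self.total[msg_id]
        # No overlaps and nothing past `total`, so length == total means no holes.
        return b"".join(held[o] for o in sorted(held))


def demo():
    # Constructed sample: one message in three fragments, last one first, one duplicate.
    r = Reassembler()
    frags = [(7, 8, False, b"payload!"), (7, 4, True, b"ment"),
             (7, 4, True, b"ment"), (7, 0, True, b"frag")]
    return [r.add(*f) for f in frags]
```

Incomplete messages stay in `chunks` until their last byte arrives; a long-running tool would also expire them on a timer.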