wireshark-dev October 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: [Wireshark-dev] 4 Bytes too much in tvb

[Wireshark-dev] 4 Bytes too much in tvb

From: Michael Biener Biener <MBiener_at_nospam>
Date: Mon Oct 25 2010 - 08:56:43 GMT
To: wireshark-dev@wireshark.org

Hello everybody,

I implemented a dissector plugin for a special protokoll used in my Company, I Use tcp_dissect_pdus to reassemble the tcp Pakcets. Everthyng is working fine when Sending Data from CLient to Server, all Protokollitems shown well in the Wireshark tree. But on the response form Server the lenght detection fails because tvb is 4 Byte Bigger then the TCP offset.

For exapmle The TCP Data Segement ist 36 Byte( Shown Correct in Wireshark Window ) But tvb has length of 40 BYTE im Reading the Lenth of A Message at Position 6, so now there comes a very big number because im now 4 Byte erlier then realy wanted.

Any Idea? did I Something wrong?

My Code looks like this:

static guint get_qcom_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
    //Len of 1. Object
    guint nLen1 = (guint)tvb_get_letohl( tvb, offset+ 6 );
    //Len of 2. Object
    guint nLen2 = (guint)tvb_get_letohl( tvb, offset+ 10 );

    return nLen1 + nLen2 +15; //Length of both Objects + header
}

Kind Regards

Michael Biener

-- GRATIS! Movie-FLAT mit Ă¼ber 300 Videos. Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe