Wireshark-users: Re: [Wireshark-users] tcp reassembly
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Dec 2009 15:13:17 -0700


On Dec 16, 2009, at 2:51 PM, Martin Visser wrote:

Your "protocol" needs to convey this information - there is nothing in TCP that knows when the SDU (Service Data Unit) it is carrying is finished. Basically you have two options. Either your protocol (that defines that those 5000 bytes are a Protocol Data Unit) needs to provide a header (indicating at least the length) OR a trailer that has some sort of delimiter (say a NULL character or CRLF) that indicates your PDU is finished. Together this is basically known as framing, by which you indicate the beginning and end of your data units.
Regards, Martin

MartinVisser99@xxxxxxxxx


On Thu, Dec 17, 2009 at 8:27 AM, Chun Chan <chun_chan@xxxxxxxxx> wrote:
Hi
I am writing a sniffer, but I couldn't understand some things about TCP reassembly. First, I send 5000 bytes of data via a socket. Then the TCP/IP stack splits it into three TCP packets. But this is not IP fragmentation; I think this is TCP segmentation. But I cannot understand, when I sniff these packets, how can I defragment them?
I need to understand when the 5000 bytes are finished.
I will be waiting for your reply.

Additionally, refer to section 2.7 ("Reassembly/desegmentation for protocols running atop TCP.") of doc/README.developer in the source tree. Future questions about dissector creation are best sent to the wireshark-dev@xxxxxxxxxxxxx mailing list after subscribing, even though a number of us are on both lists.

Steve
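
The length-header framing described in this thread, applied to sniffed TCP segments, as an added example that is not part of the original messages or of Wireshark's code. It assumes a hypothetical 4-byte big-endian length prefix and an arbitrary 1 MiB length cap, and it ignores sequence-number wraparound; `StreamReassembler` and `demo` are names made up for the illustration.

```python
import struct

HEADER = struct.Struct("!I")  # assumed framing: 4-byte big-endian length prefix
MAX_PDU = 1 << 20             # assumed cap so a corrupt length cannot exhaust memory

class StreamReassembler:
    """Rebuilds one direction of a TCP stream, then cuts it into PDUs."""

    def __init__(self, initial_seq):
        self.next_seq = initial_seq  # next in-order byte expected
        self.pending = {}            # segments waiting for a gap to fill
        self.buffer = bytearray()    # in-order bytes not yet emitted as a PDU

    def add_segment(self, seq, payload):
        """Feed one sniffed TCP payload; return the PDUs it completed."""
        self.pending[seq] = payload
        while self.pending:
            first = min(self.pending)
            if first > self.next_seq:
                break  # an earlier segment is still missing
            data = self.pending.pop(first)
            fresh = data[self.next_seq - first:]  # drop retransmitted bytes
            self.buffer += fresh
            self.next_seq += len(fresh)
        return self._extract_pdus()

    def _extract_pdus(self):
        pdus = []
        while len(self.buffer) >= HEADER.size:
            (length,) = HEADER.unpack_from(self.buffer)
            if length > MAX_PDU:
                raise ValueError(f"PDU length {length} exceeds {MAX_PDU}")
            end = HEADER.size + length
            if len(self.buffer) < end:
                break  # the PDU continues in a later segment
            pdus.append(bytes(self.buffer[HEADER.size:end]))
            del self.buffer[:end]
        return pdus

def demo():
    # Constructed sample: one 5000-byte PDU carried in three TCP segments,
    # sniffed out of order with the first segment retransmitted.
    message = bytes(i % 251 for i in range(5000))
    wire = HEADER.pack(len(message)) + message
    isn = 1000  # constructed initial sequence number of the first data byte
    segs = [(isn, wire[:1460]), (isn + 1460, wire[1460:2920]), (isn + 2920, wire[2920:])]
    r = StreamReassembler(isn)
    results = [r.add_segment(*segs[i]) for i in (0, 2, 0, 1)]
    return message, results
```

The PDU is returned only by the call that fills the last gap, which is the point at which the sniffer knows the 5000 bytes are finished.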