Ethereal-dev: Re: [Ethereal-dev] TCP reconstruction WAS:[Another Stupid Question]

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 15 Feb 2001 11:35:46 -0800 (PST)
> So, there *is* a way to do it with Ethereal?

There is code in Ethereal that does some amount of TCP data stream
reassembly.

This is inequivalent to "there is code in Ethereal that allows a
dissector running atop TCP to get a sequenced data stream from the TCP
dissector" - all there is, right now, is the "Follow TCP Stream" code,
and that just writes out the raw bytes of the data stream to a file, and
displays it as text.

So the answers to your questions are:

> Is there a dissector that already does it,

"No, there isn't"

and

> or could you point me at the functions that would give me one
> contiguous block?

"No, he can't, as there's no code in Ethereal that can give a
*dissector* a contiguous TCP data stream."

(Furthermore, there is no code in Ethereal that will *ever* be able to
*guarantee* a contiguous data stream, unless, if some data in the stream
simply isn't in the capture, it pretends the connection was broken -
note that the connection won't necessarily have been broken at that
point, it may just be that the capture doesn't happen to contain some
TCP segment even though it went over the wire.)