Wireshark-dev: [Wireshark-dev] Capture TCP reassembled protocol
Date: Wed, 29 Feb 2012 16:44:57 +0100
Hello

Is it correct to assume that if my dissector use the tcp_dissect_pdus to
reassemble my protocol, I have to start the capture before the TCP
connection is established?

I'm thinking that if I start the capture after the TCP reassembly module
will call my getlength function with the first "TCP segment" it receives
for my connection which my not correspond with an actual beginning of one
of the protocol message (or maybe for that reason it will never call the
getlength function).

But I never noticed this problem before so I guess I'm missing something...

Best regards
Fabien