Wireshark - 0.99.7 Guide de l'utilisateur Page 124
- Page / 147
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
9.4. How to reassemble split packets
Some protocols have times when they have to split a large packet across multiple other packets. In
this case the dissection can't be carried out correctly until you have all the data. The first packet
doesn't have enough data, and the subsequent packets don't have the expect format. To dissect these
packets you need to wait until all the parts have arrived and then start the dissection.
9.4.1. How to reassemble split UDP packets
As an example, let's examine a protocol that is layered on top of UDP that splits up its own data
stream. If a packet is bigger than some given size, it will be split into chunks, and somehow signaled
within its protocol.
To deal with such streams, we need several things to trigger from. We need to know that this packet
is part of a multi-packet sequence. We need to know how many packets are in the sequence. We also
need to know when we have all the packets.
For this example we'll assume there is a simple in-protocol signaling mechanism to give details. A
flag byte that signals the presence of a multi-packet sequence and also the last packet, followed by
an ID of the sequence and a packet sequence number.
msg_pkt ::= SEQUENCE {
.....
flags ::= SEQUENCE {
fragment BOOLEAN,
last_fragment BOOLEAN,
.....
}
msg_id INTEGER(0..65535),
frag_id INTEGER(0..65535),
.....
}
Example 9.15. Reassembling fragments - Part 1
#include <epan/reassemble.h>
...
save_fragmented = pinfo->fragmented;
flags = tvb_get_guint8(tvb, offset); offset++;
if (flags & FL_FRAGMENT) { /* fragmented */
tvbuff_t* new_tvb = NULL;
fragment_data *frag_msg = NULL;
guint16 msg_seqid = tvb_get_ntohs(tvb, offset); offset += 2;
guint16 msg_num = tvb_get_ntohs(tvb, offset); offset += 2;
pinfo->fragmented = TRUE;
frag_msg = fragment_add_seq_check(tvb, offset, pinfo,
msg_seqid, /* ID for fragments belonging together */
msg_fragment_table, /* list of message fragments */
msg_reassembled_table, /* list of reassembled messages */
msg_num, /* fragment sequence number */
tvb_length_remaining(tvb, offset), /* fragment length - to the end */
flags & FL_FRAG_LAST); /* More fragments? */
We start by saving the fragmented state of this packet, so we can restore it later. Next comes some
protocol specific stuff, to dig the fragment data out of the stream if it's present. Having decided it is
present, we let the function fragment_add_seq_check do its work. We need to provide this with a
certain amount of data.
• The tvb buffer we are dissecting.
• The offset where the partial packet starts.
Packet dissection
110
- 24295 for Wireshark 0.99.7 1
- Table of Contents 4
- 1. Foreword 8
- 3. Acknowledgements 10
- 4. About this document 11
- Part I. Wireshark Build 15
- Environment 15
- Chapter 1. Introduction 16
- 1.2. What is Wireshark? 17
- 1.3.1. Unix 18
- 1.3.2. Linux 18
- 1.3.3. Microsoft Windows 19
- Wireshark 20
- 1.5.1. Binary distributions 22
- 1.6.1. Advantages 23
- 1.7.1. Website 24
- 1.7.2. Wiki 24
- 1.7.3. FAQ 24
- 1.7.4. Other sources 24
- 1.7.5. Mailing Lists 24
- 1.7.7. Reporting Problems 25
- Don't send large files! 26
- Chapter 2. Quick Setup 28
- 2.2.2. Install Cygwin 29
- 2.2.3. Install Python 30
- 2.2.6. Prepare cmd.exe 31
- 2.2.7. Verify installed tools 31
- 2.2.8. Install Libraries 32
- 2.2.9. Distclean Sources 32
- 2.2.10. Build Wireshark 32
- Quick Setup 34
- 3.1. Introduction 35
- 3.3.3. Buildbot Snapshots 38
- 3.3.4. Released sources 39
- 3.4.2. ... from zip files 40
- 3.5. Build Wireshark 41
- 3.6. Run generated Wireshark 43
- 3.7.1. Win32 native 44
- 3.9. Contribute your changes 46
- 3.9.2. Generate a patch 47
- 3.9.4. Code Requirements 48
- 3.10.1. Using patch 51
- 3.10.2. CVS diff (obsolete) 51
- 3.12. Binary packaging 54
- Chapter 4. Tool Reference 57
- 4.2. Win32: Cygwin 58
- Win32: Warn! 59
- 4.3.4. make (GNU Make) 60
- 4.4.3. cl.exe (C Compiler) 64
- 4.4.4. nmake.exe (Make) 65
- 4.4.5. link.exe (Linker) 65
- 4.4.7. Windows (Platform) SDK 67
- 4.4.8. HTML Help 67
- 4.4.9. Debugger 68
- 4.5. bash 69
- 4.6. python 70
- 4.7. perl 71
- 4.8. sed 72
- 4.9. yacc (bison) 73
- 4.10. flex 74
- 4.11.2. Win32 native: svn 75
- 4.13. diff (optional) 77
- 4.14. patch (optional) 78
- 4.17. Win32: NSIS (optional) 81
- Tool Reference 82
- Chapter 5. Library Reference 83
- 5.2. Binary library formats 84
- 5.3.1. Initial download 85
- 5.4.1. Unix 87
- 5.4.2. Win32 MSVC 87
- 5.5. Net-SNMP (optional) 88
- 5.6. GNU adns (optional) 89
- 5.7. PCRE (optional) 90
- 5.8. zlib (optional) 91
- 5.9.1. Unix: libpcap 92
- 5.9.2. Win32 MSVC: WinPcap 92
- 5.10. GnuTLS (optional) 93
- 5.11. Gcrypt (optional) 94
- 5.12. Kerberos (optional) 95
- 5.13. LUA (optional) 96
- 5.14. PortAudio (optional) 97
- Library Reference 99
- (incomplete) 100
- 6.1. Introduction 101
- 6.2. Overview 102
- 6.3. Capturing packets 104
- 6.4. Capture Files 105
- 6.5. Dissect packets 106
- How Wireshark Works 107
- Chapter 7. Introduction 108
- 7.2. Coding styleguides 109
- 7.3. The GLib library 110
- Introduction 111
- Chapter 8. Packet capturing 112
- Packet capturing 113
- Chapter 9. Packet dissection 114
- 9.2. Adding a basic dissector 115
- Example 9.3. Dissection 116
- Packet dissection 122
- 9.5. How to tap protocols 129
- 9.7. How to use conversations 132
- Chapter 10. User Interface 134
- 10.2. The GTK library 135
- #if GTK_MAJOR_VERSION >= 2 136
- 10.3. GUI Reference documents 138
- User Interface 139
- 10.5. Widget naming 140
© 2020, manymanuals.fr. Tous droits réservés | 2.692 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels