| Issue 1: | split pcap problem |
1 of 7
Next ›
|
| 1 person starred this issue and may be notified of changes. | Back to list |
pcap文件按照协议映射字节长度分割重组包,出现问题:[Malformed Packet: SCTP]?
Nov 12, 2010
Project Member
#1
cn.wei.hp@gmail.com
Nov 12, 2010
Control Protocol dissection The user can control how protocols are dissected. Each protocol has its own dissector, so dissecting a complete packet will typically involve several dissectors. As Wireshark tries to find the right dissector for each packet (using static "routes" and heuristics "guessing"), it might choose the wrong dissector in your specific case. For example, Wireshark won't know if you use a common protocol on an uncommon TCP port, e.g. using HTTP on TCP port 800 instead of the standard port 80. There are two ways to control the relations between protocol dissectors: disable a protocol dissector completely or temporarily divert the way Wireshark calls the dissectors.
Nov 14, 2010
C.newip=ethhdr[14:34]
C.sctphdr=C.sctp[:(12+0)]
C.lastsctp=C.sctp[C.sctps[C.sctpNum]-12:]
while len(C.dumpnewsctp)<C.totallen:
C.dumpnewsctp +=editcaptag
|