On Fri, Jul 27, 2007 at 10:14:51AM -0400, yin sun wrote:
> The other way is, as I know the whole TCP stream is dedicated for this
> java object stream, so in theory I just need to reassemble all of them
> into one big buffer. Then the question is,
> 1. for static file (packets captured already), is there a function to
> reassemble all tcp packets into one buffer? (similar to trace tcp
> stream)

You can reassemble all TCP segments up to the segment with the FIN bit set by using the method of TCP reassembly mentioned in section 2.7.2 of doc/README.developer. The one change you need to make to that sample code is to change DESEGMENT_ONE_MORE_SEGMENT to DESEGMENT_UNTIL_FIN.

> 2. for live capture, can I do this. When my plugin is decoding, the
> buffer is growing as well to append all incoming packets.

The method above will work the same for packets in a capture file as well as during a live capture.

Steve
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
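
A stand-alone model of the difference between the two requests named in the reply above, added here as an example; it is not code from the message, from doc/README.developer or from Wireshark. Only the names `desegment_offset`, `desegment_len`, `DESEGMENT_ONE_MORE_SEGMENT` and `DESEGMENT_UNTIL_FIN` come from the dissector API; the structs, the `whole` flag, the constant values, the harness and the sample segments are assumptions made for the model.

```c
#include <stdio.h>
#include <string.h>

/* Placeholder values for this model only, not taken from Wireshark headers. */
#define DESEGMENT_ONE_MORE_SEGMENT 1u
#define DESEGMENT_UNTIL_FIN        2u

struct pinfo_model { unsigned desegment_offset, desegment_len; }; /* stand-in for packet_info */
struct segment { const char *data; int fin; };
struct result { int calls; char stream[64]; };

static const struct segment SAMPLE[] = {   /* constructed TCP payloads, last one carries FIN */
    {"obj", 0}, {"ect", 0}, {"-st", 0}, {"ream", 1} };

/* Hypothetical sub-dissector: it can only decode the complete stream, so on
 * partial data it sets the desegment fields and returns without decoding.
 * `whole` is a model shortcut for "the stream is complete". */
static void dissect_objstream(const char *buf, size_t len, int whole,
                              unsigned mode, struct pinfo_model *p, struct result *r)
{
    r->calls++;
    if (!whole) {
        p->desegment_offset = 0;   /* the PDU starts at the first byte */
        p->desegment_len = mode;   /* ONE_MORE_SEGMENT or UNTIL_FIN */
        return;
    }
    memcpy(r->stream, buf, len);   /* full buffer: decode the object stream here */
    r->stream[len] = '\0';
}

/* Simplified model of a TCP layer honouring the dissector's request. */
static struct result run_model(unsigned mode)
{
    struct result r = {0};
    struct pinfo_model p = {0, 0};
    char buf[64];
    size_t used = 0;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++) {
        size_t l = strlen(SAMPLE[i].data);
        if (used + l >= sizeof buf) break;        /* model buffer is bounded */
        memcpy(buf + used, SAMPLE[i].data, l);
        used += l;
        if (p.desegment_len == DESEGMENT_UNTIL_FIN && !SAMPLE[i].fin)
            continue;              /* request pending: keep buffering until FIN */
        p.desegment_len = 0;
        dissect_objstream(buf, used, SAMPLE[i].fin, mode, &p, &r);
    }
    return r;
}

int main(void)
{
    struct result a = run_model(DESEGMENT_ONE_MORE_SEGMENT), b = run_model(DESEGMENT_UNTIL_FIN);
    printf("one-more: %d calls; until-fin: %d calls, \"%s\"\n", a.calls, b.calls, b.stream);
    return 0;
}
```

In the model, the one-more-segment request re-invokes the dissector on every new segment, while the until-FIN request invokes it once to register the request and once more with the whole stream.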