Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IP Packets with multiple NetIDE packets not decoded correctly #2

Open
schwabe opened this issue Nov 25, 2015 · 1 comment
Open

IP Packets with multiple NetIDE packets not decoded correctly #2

schwabe opened this issue Nov 25, 2015 · 1 comment
Assignees
@andres-beato

Comments

@schwabe
Copy link

schwabe commented Nov 25, 2015

Looking at the MinJa1.pcap.pcapng:

Decoding the ZTMP lua decoder:

image

You see frame 120 has 4 data frames (= 4 NetIDE messages)

And with our dissector:

image
@ElisaRojas
Copy link
Member

Thank you @schwabe ,

@andres-beato has checked it and the NetIDE dissector is not currently supporting this (it just reads the first message and the rest is considered as part of the payload). He's also been checking if there is some way of reusing the ZMQ dissector (because it's a lua). The easiest solution would be to check the ZMQ header (it indicates the length of the message) and dissect NetIDE messages as a list of tuples: ZMQ header + NetIDE message. What do you think? Any other idea?

At least this is not a problem right now for the "internal" debugger (which only takes NetIDE messages and not the TCP segments), but it should be addressed for the "stand-alone" version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andres-beato andres-beato

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@schwabe @ElisaRojas @andres-beato