Decoding fragmented packets using Plugins

A place for developers to exchange information about extending OmniPeek, and ask technical questions about plugins on MyPeek, scripting, and programming.
Posts: 3
Joined: Wed Aug 06, 2008 10:19 am

Decoding fragmented packets using Plugins

Postby pkiran » Wed Aug 06, 2008 10:22 am

Hi all,

I'm planning to develop a plugin for decoding the fragmented packets. This plugin should put application layer data from a fragmented packet back together and insert whole packet back into capture buffer.

Can someone point me to some examples/functions of plugins which I can use to accomplish this kind of functionality?

Thanks and Regards,

Posts: 78
Joined: Thu May 22, 2008 9:36 am

Decoding fragmented packets using Plugins

Postby Spacepacket » Thu Aug 07, 2008 9:43 am

I have built a plugin for you that reassembles fragmented IP packets into whole packets. You can find the executable and the source in the MyPeek downloads section.

The Defragment plugin is a filter plugin. This means you have to set up an advanced analysis module filter on the Defragment plugin, and enable it. It will reassemble fragmented packets, discard the fragments, and allow all other packets to pass through.

This plugin works well with the PeekPlayer Plugin, which can fragment packets. I used the PeekPlayer Plugin to create the packets that the Defragment Plugin put back together again. Maybe I should bundle them together and call it the Humpty Dumpty Special. ... .php?id=85

Have fun!

Return to “Developers”

Who is online

Users browsing this forum: No registered users and 2 guests