beefy80
Apr 03, 2014
Nimbostratus
Calculating a two byte header in message payload
Hello, I am currently writing a logging event to capture a message, but I am finding that by enabling the TCP::collect event the processing is being slowed down by as much as 2 seconds.

As the messages are variable length, we have a two byte prefix in front of the message that gives the payload length minus the two byte header, e.g. <0x00 0x04> <\x02 12 \x03>. I want to try capturing the prefix and calculating the message length from this, and then apply a check to see when the message length is reached and call TCP::release, to try and speed this process up.

I am struggling to calculate the two byte header and hoping someone may be able to assist me. I have been dabbling with Binary Scan but cannot get the correct result.

Thank you,
James
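The framing described in the post, as an added example that is not part of the original post: a Tcl proc that reads the two-byte prefix with `binary scan` and reports how many bytes make up one complete frame. The proc name, the `max_len` limit and the big-endian byte order are assumptions (the byte order is inferred from the post's `<0x00 0x04>` prefix for a 4-byte payload); the sample buffer is constructed.

```tcl
# Added example. Frame layout as described in the post:
#   <2-byte length, big-endian, excluding the header> <payload>
# next_frame and max_len are hypothetical names, not from the post.

# Try to take one frame off the front of $buf.
# Returns {} if more bytes are needed, else a list {total_bytes payload}.
proc next_frame {buf {max_len 8192}} {
    # Need the whole prefix before the length can be read.
    if {[string length $buf] < 2} { return {} }

    # "S" reads a 16-bit big-endian value, but as a signed integer.
    # Masking keeps lengths >= 0x8000 positive. The unsigned "Su" form
    # needs Tcl 8.5 or later, so it is avoided here.
    binary scan $buf S len
    set len [expr {$len & 0xffff}]

    # The prefix is sender-controlled: cap it so one peer cannot make the
    # receiver buffer up to 64 KB per connection waiting for a frame.
    if {$len > $max_len} {
        error "frame length $len exceeds limit $max_len"
    }

    set total [expr {$len + 2}]
    if {[string length $buf] < $total} { return {} }
    return [list $total [string range $buf 2 [expr {$total - 1}]]]
}

# Constructed sample: the post's frame (00 04 | 02 '1' '2' 03) followed by
# the start of a second frame whose payload has not fully arrived yet.
set buf [binary format H* 000402313203000302]

while {[llength [set frame [next_frame $buf]]]} {
    foreach {total payload} $frame break
    binary scan $payload H* hex
    puts "frame: $total bytes on the wire, payload hex $hex"
    # Drop the consumed frame and look for the next one.
    set buf [string range $buf $total end]
}
puts "waiting for more data, [string length $buf] byte(s) buffered"
```

In an iRule the buffer would be the collected `[TCP::payload]`, and the returned total is the byte count to hand to `TCP::release`.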