Wireshark mailing list archives
Re: Getting data from pinfo
From: Guy Harris <guy () alum mit edu>
Date: Wed, 14 Apr 2010 23:38:44 -0700
On Apr 14, 2010, at 6:32 PM, Shawn Mayer wrote:
Yes I have the tap being called from the aim messaging part of the dissector, since its the only part of the AIM protocol I'm interested in. I have a struct created to put the IP and other data I'm interested into, I'm just not sure where I get the IP from.
In this case, you'd modify the part of the AIM dissector that puts the IP address in question into the protocol tree to also put the IP address into the structure. There *is* a way to get at the raw protocol tree in a tap, but not through the pinfo argument; it's through the edt argument. edt->tree is the protocol tree, but digging through that to find a particular AIM field could be a pain. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Getting data from pinfo Shawn Mayer (Apr 14)
- Re: Getting data from pinfo Guy Harris (Apr 14)
- Re: Getting data from pinfo Shawn Mayer (Apr 14)
- Re: Getting data from pinfo Guy Harris (Apr 14)
- Re: Getting data from pinfo Shawn Mayer (Apr 14)
- Re: Getting data from pinfo Guy Harris (Apr 14)
- Re: Getting data from pinfo Shawn Mayer (Apr 14)
- Re: Getting data from pinfo Guy Harris (Apr 14)