Wireshark mailing list archives
Re: Decompress Data
From: Max Dmitrichenko <dmitrmax () gmail com>
Date: Fri, 7 Oct 2011 13:51:13 +0400
2011/10/7 Marcel Haas <inf462 () fh-worms de>:
And i have the next problem. Damn wireshark kick my ass :) I have some packets witch are compress witz zlib. I want to uncompress them. I read the dev-guid about transformed data but i dont have a clue. I were testing some stuff but with no good result. Can someone help me with that ?
It is simple. 1) You have to know the size of decompressed data, e.g. in buffer_size variable. 2) Alloc the buffer of needed size for it using e.g. se_alloc, e.g. you have pointer to alloced buffer called buffer_ptr. 3) Decompress you data into that buffer. 4) call child_tvb = tvb_new_child_real_data(current_tvb, buffer_ptr, buffer_size, buffer_size); 5) call add_new_data_source(pinfo, child_tvb, "Decompressed Data"); 6*) Optionally you can dissect child_tvb as any usual TVB. In the GUI you'll get the decompressed data into another tab called "Decompressed Data" or any other name you provide in step 5. -- Max ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data Max Dmitrichenko (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data fab12 (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data Max Dmitrichenko (Oct 07)
- Re: Decompress Data Stephen Fisher (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 10)
- Re: Decompress Data Marcel Haas (Oct 10)