Wireshark mailing list archives
Re: How does wireshark extract the name of file from filehandle?
From: "Tayade, Nilesh" <Nilesh.Tayade () netscout com>
Date: Tue, 14 Sep 2010 02:04:33 -0400
Thanks Jaap.

As I could understand there is no other stuff that wireshark does to map the name, apart from knowing the fh-to-fname relation. So if I look at the set of NFS packets which do not mention the filename, wireshark may not be able to display the name.

--
Thanks,
Nilesh
-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Jaap Keuter
Sent: Monday, September 13, 2010 8:49 PM
To: Developer support list for Wireshark
Cc: Tayade, Nilesh
Subject: Re: [Wireshark-dev] How does wireshark extract the name of file from filehandle?

Hi,

The dissector must see the packet(s) which establish the relationship between name and handle before it can add this information to the packets which contain the handle only. It's that recreation of endpoint state which allows Wireshark to do that, and the cause of much memory grief.

Thanks,
Jaap

On Mon, 13 Sep 2010 03:35:38 -0400, "Tayade, Nilesh" <Nilesh.Tayade () netscout com> wrote:

Hi,

I seek some help on getting the filename/directory name from filehandle.

I am working on parsing the NFS protocol packet. I can see in some of the packet captures in wireshark - the filename is displayed in the packet analysis window. But in actual byte stream the filename is NOT present (it just shows the file handle).

Could someone please help understand how it extracts the name from filehandle?

Attached is the screenshot of packet, highlighting the temp_dirname.

Byte stream:

0000 00 30 48 bd 8b 4c 00 30 48 d6 7b 16 08 00 45 00 .0H..L.0 H.{...E.
0010 00 b4 ea 42 40 00 40 06 53 bb c0 a8 3d 44 c0 a8 ...B@.@. S...=D..
0020 3d b1 03 ef 08 01 28 10 8d 57 ba fc 4b 7b 80 18 =.....(. .W..K{..
0030 01 f5 fc ec 00 00 01 01 08 0a 23 fd 71 76 28 8d ........ ..#.qv(.
0040 66 e8 80 00 00 7c 4e 56 ff 6b 00 00 00 00 00 00 f....|NV .k......
0050 00 02 00 01 86 a3 00 00 00 03 00 00 00 04 00 00 ........ ........
0060 00 01 00 00 00 38 00 09 36 a4 00 00 00 06 57 42 .....8.. 6.....WB
0070 32 2d 36 38 00 00 00 00 00 00 00 00 00 00 00 00 2-68.... ........
0080 00 07 00 00 00 00 00 00 00 01 00 00 00 02 00 00 ........ ........
0090 00 03 00 00 00 04 00 00 00 06 00 00 00 0a 00 00 ........ ........
00a0 00 00 00 00 00 00 00 00 00 14 01 00 00 01 00 08 ........ ........
00b0 00 13 ef 68 66 00 03 f6 27 00 38 ec fc 13 00 00 ...hf... '.8.....
00c0 00 1f ..

P.S. Please include my email ID in the reply, as I am not subscribed to the list.

--
Thanks,
Nilesh
x46222
Yahoo IM: nilesh_tayade85

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
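The state reconstruction discussed in this thread, as an added example that is not part of the original posts and is not Wireshark's dissector code: a LOOKUP call carries the name, its reply (matched by RPC XID) carries the new handle, and only after both are seen can a handle-only call be labelled. The class name `HandleNamer`, its `feed` method and the sample messages (AUTH_NONE credentials, handle values, the name `temp_dir`) are assumptions constructed for the illustration.

```python
import struct
NFS_PROG, LOOKUP, ACCESS = 100003, 3, 4      # NFSv3 program/procedure numbers

def opaque(buf, off):                        # XDR opaque: length, data, pad to 4
    n = struct.unpack_from(">I", buf, off)[0]
    return buf[off + 4:off + 4 + n], off + 4 + n + (-n % 4)

def xdr(data):                               # encoder, used only for the samples
    return struct.pack(">I", len(data)) + data + b"\0" * (-len(data) % 4)

class HandleNamer:                           # hypothetical name, not a Wireshark API
    def __init__(self):
        self.pending = {}                    # xid -> name from a LOOKUP call
        self.names = {}                      # file handle -> name (grows per LOOKUP)

    def feed(self, msg):
        """Take one RPC message (TCP record marker stripped), return a label."""
        xid, mtype = struct.unpack_from(">2I", msg)
        if mtype == 0:                       # CALL: rpcvers, prog, vers, proc follow
            _, prog, _, proc = struct.unpack_from(">4I", msg, 8)
            off = 24
            for _ in range(2):               # skip credential, then verifier
                _, off = opaque(msg, off + 4)
            if prog != NFS_PROG:
                return None
            fh, off = opaque(msg, off)       # first argument is a file handle
            if proc == LOOKUP:               # the only call here that carries a name
                self.pending[xid] = opaque(msg, off)[0].decode(errors="replace")
                return "LOOKUP " + self.pending[xid]
            return f"proc {proc} on {self.names.get(fh, '<unknown handle>')}"
        name = self.pending.pop(xid, None)   # REPLY: pair with its call by XID
        if name is None:
            return None                      # reply to a call that was never seen
        if msg[8:12] == bytes(4):            # reply_stat is MSG_ACCEPTED
            _, off = opaque(msg, 16)         # skip verifier (flavor word at 12)
            if msg[off:off + 8] == bytes(8): # accept_stat SUCCESS and NFS3_OK
                self.names[opaque(msg, off + 8)[0]] = name
                return f"LOOKUP reply binds handle to {name}"
        return f"LOOKUP {name} failed"

# Constructed sample messages (AUTH_NONE; reply truncated after the handle).
DIR_FH, NEW_FH = b"\x01" * 8, b"\x02" * 8
LOOKUP_CALL = struct.pack(">10I", 7, 0, 2, NFS_PROG, 3, LOOKUP, 0, 0, 0, 0) + xdr(DIR_FH) + xdr(b"temp_dir")
LOOKUP_REPLY = struct.pack(">7I", 7, 1, 0, 0, 0, 0, 0) + xdr(NEW_FH)
ACCESS_CALL = struct.pack(">10I", 8, 0, 2, NFS_PROG, 3, ACCESS, 0, 0, 0, 0) + xdr(NEW_FH)
if __name__ == "__main__":
    namer = HandleNamer()
    for m in (ACCESS_CALL, LOOKUP_CALL, LOOKUP_REPLY, ACCESS_CALL):
        print(namer.feed(m))
```

The first ACCESS call is reported with an unknown handle because the LOOKUP exchange has not yet been fed in; the same call after the exchange resolves to the name.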
Current thread:
- How does wireshark extract the name of file from filehandle? Tayade, Nilesh (Sep 13)
- Re: How does wireshark extract the name of file from filehandle? Jaap Keuter (Sep 13)
- Re: How does wireshark extract the name of file from filehandle? Tayade, Nilesh (Sep 15)