Re: how does the wireshark print the contents of the packets

[Jaap Keuter <jaap.keuter () xs4all nl>]

On Wed, 15 Sep 2010 22:34:41 +0800, 刘昆 <liukunmeister () gmail com> wrote:
> 于 2010年09月15日 19:13, Jaap Keuter 写道:
> > Hi,
> >
> > You'll find an interface between the wiretap library providing input
> > and the dissection engine in epan/packet.c:dissect_packet(). Here the
> > packet data is encapsulated in a TVB and presented to the top level
> > dissector.
> >
> > Thanks,
> > Jaap
> >
> > On Wed, 15 Sep 2010 15:17:51 +0800, 刘昆<liukunmeister () gmail com>  wrote:
> >
> > > If I want to understand how the wireshark print the contents of the
> > > packets wireshark just as the table at the bottom in wireshark GUI,which
> > > files should I read. In fact,I just want to find out the array which
> > > save the data of the packet wireshark has captured so that I can do some
> > > work with the data.As http protocol,should I read the files
> > > packet-http.c under the directory wireshark/epan/dissectors or other files?
> I have read the epan/packet.c:dissect_packet() .However I am still not 
> very clear about where the data is.Do you mean the edt->tvb save the 
> packet data ?

Hi,

Indeed edt->tvb is the object containing your packet data, to be
accessed through its interface functions. 

Thanks,
Jaap
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe