Wireshark mailing list archives
Re: how does the wireshark print the contents of the packets
From: 刘昆 <liukunmeister () gmail com>
Date: Thu, 16 Sep 2010 16:01:59 +0800
On 2010-09-15 23:04, Jaap Keuter wrote:
> On Wed, 15 Sep 2010 22:34:41 +0800, 刘昆 <liukunmeister () gmail com> wrote:
>> On 2010-09-15 19:13, Jaap Keuter wrote:
>>> Hi,
>>>
>>> You'll find an interface between the wiretap library providing input and the dissection engine in epan/packet.c:dissect_packet(). Here the packet data is encapsulated in a TVB and presented to the top level dissector.
>>>
>>> Thanks,
>>> Jaap
>>>
>>> On Wed, 15 Sep 2010 15:17:51 +0800, 刘昆 <liukunmeister () gmail com> wrote:
>>>> If I want to understand how Wireshark prints the contents of the packets, just as in the table at the bottom of the Wireshark GUI, which files should I read? In fact, I just want to find the array which saves the data of the packet Wireshark has captured so that I can do some work with the data. As for the HTTP protocol, should I read the file packet-http.c under the directory wireshark/epan/dissectors, or other files?
>>
>> I have read epan/packet.c:dissect_packet(). However, I am still not very clear about where the data is. Do you mean that edt->tvb saves the packet data?
>
> Hi,
>
> Indeed edt->tvb is the object containing your packet data, to be accessed through its interface functions.
>
> Thanks,
> Jaap
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Thank you very much. I have found the packet data in edt->tvb. Actually, I have noticed that edt->tvb->real_data gets the packet data through the argument const guchar *pd in dissect_packet(). However, I can't find where dissect_packet() is called. Where does pd come from? For the HTTP protocol, I can't find that dissect_packet() is called in wireshark/epan/dissectors/packet-http.c.