Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Finding out the offset of a filtered field in tethereal
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 28 Jun 2006 07:55:07 +0000
Note that wireshark is probably as better place to ask questions. You can not do that. Wireshark doesnt support it. A whole bunch of the fields that wireshark presents in the dissection are purely generated/synthetic and dont actually exist in the packets themself. I.e. smb.time and friends On 6/28/06, Rohit Mediratta <rohit_medi@xxxxxxxxx> wrote:
Hi, I am using tethereal to capture a packet with a specific field (eg. Ip address of 1.1.1.1 ) and then modify the captured packet to send it out. I want this to be an automated script that i can use for various types of scnerios. I can easily capture the packet and filter it based on my field ( eg. Ip Address). But to modify the packet, I need to know the offset in the packet, where the field starts ( eg. src Ip address starts at byte 26 in a typical case). I want to avoid hardcoding the offset, since it can easily lead to wrong results (eg. if Vlan tags are enabled then everything shifts by 4 ). Would someone know of a way to obtain the offset of a certain field (eg. rsvp.msg == 1 returns the right packet, but how do i know which byte in the packet is rsvp.msg comparing against ? ) thanks, Rohit __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users
- Prev by Date: Re: [Wireshark-users] Cannot compile on FC5
- Next by Date: Re: [Wireshark-users] Cannot compile on FC5
- Previous by thread: Re: [Wireshark-users] Installation problem on FC4 ( ?? )
- Next by thread: [Wireshark-users] Setting SSL preference on Windows
- Index(es):