Thanks Jaap.
As I could understand there is no other stuff that wireshark does to map the name, apart from knowing the fh-to-fname relation. So if I look at the set of NFS packets which do not mention the filename, wireshark may not be able to display the name.
--
Thanks,
Nilesh
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-
> bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Monday, September 13, 2010 8:49 PM
> To: Developer support list for Wireshark
> Cc: Tayade, Nilesh
> Subject: Re: [Wireshark-dev] How does wireshark extract the name of
> file from filehandle?
>
> Hi,
>
> The dissector must see the packet(s) which establish the
> relationship
> between name and handle before it can add this information to the
> packets which contain the handle only. It's that recreation of
> endpoint
> state which allows Wireshark to do that, and the cause of much
> memory
> grieve.
>
> Thanks,
> Jaap
>
>
> On Mon, 13 Sep 2010 03:35:38 -0400, "Tayade, Nilesh"
> <Nilesh.Tayade@xxxxxxxxxxxx> wrote:
> > Hi,
> >
> > I seek some help on getting the filename/directory name from
> filehandle.
> > I am working on parsing the NFS protocol packet. I can see in some
> of
> > the packet captures in wireshark - the filename is displayed in
> the
> > packet analysis window. But in actual byte stream the filename is
> NOT
> > present (it just shows the file handle). Could someone please help
> > understand how it extracts the name from filehandle?
> > Attached is the screenshot of packet, highlighting the temp_dir
> name.
> >
> > Byte stream:
> > 0000 00 30 48 bd 8b 4c 00 30 48 d6 7b 16 08 00 45 00 .0H..L.0
> > H.{...E.
> > 0010 00 b4 ea 42 40 00 40 06 53 bb c0 a8 3d 44 c0 a8 ...B@.@.
> > S...=D..
> > 0020 3d b1 03 ef 08 01 28 10 8d 57 ba fc 4b 7b 80 18 =.....(.
> > .W..K{..
> > 0030 01 f5 fc ec 00 00 01 01 08 0a 23 fd 71 76 28 8d ........
> > ..#.qv(.
> > 0040 66 e8 80 00 00 7c 4e 56 ff 6b 00 00 00 00 00 00 f....|NV
> > .k......
> > 0050 00 02 00 01 86 a3 00 00 00 03 00 00 00 04 00 00 ........
> > ........
> > 0060 00 01 00 00 00 38 00 09 36 a4 00 00 00 06 57 42 .....8..
> > 6.....WB
> > 0070 32 2d 36 38 00 00 00 00 00 00 00 00 00 00 00 00 2-68....
> > ........
> > 0080 00 07 00 00 00 00 00 00 00 01 00 00 00 02 00 00 ........
> > ........
> > 0090 00 03 00 00 00 04 00 00 00 06 00 00 00 0a 00 00 ........
> > ........
> > 00a0 00 00 00 00 00 00 00 00 00 14 01 00 00 01 00 08 ........
> > ........
> > 00b0 00 13 ef 68 66 00 03 f6 27 00 38 ec fc 13 00 00 ...hf...
> > '.8.....
> > 00c0 00 1f ..
> >
> >
> > P.S. Please include my email ID in the reply, as I am not
> subscribed to
> > the list.
> >
> > --
> > Thanks,
> > Nilesh
> > x46222
> > Yahoo IM: nilesh_tayade85
>
> ____________________________________________________________________
> _______
> Sent via: Wireshark-dev mailing list <wireshark-
> dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-
> request@xxxxxxxxxxxxx?subject=unsubscribe
