
Wireshark-dev: Re: [Wireshark-dev] I want to print the string tvb->real_data on the ubuntu term

From: 刘昆 <liukunmeister@xxxxxxxxx>
Date: Tue, 26 Oct 2010 22:43:38 +0800
On 2010-10-26 14:13, Guy Harris wrote:
> On Oct 25, 2010, at 8:46 PM, 刘昆 wrote:
>
>> In fact, all I need to print is just the URL or IP address in the
>> payload. I think the URL or IP address should be printable?
>
> The URL should be printable.
>
> The IP address, if you mean the IP address in the IP header, is *NOT* printable; in an IP datagram, it's encoded as 4 octets for an IPv4 address and 16 octets for an IPv6 address.  If, instead, you mean the host name in the URL or in the Host: header, that is printable.
>
>> So can I fetch the URL to print? And how?
>
> What *exactly* is it that you're trying to do?  You might be able to do what you want with TShark and the "-e" option - the URI in a request is the field named "http.request.uri".  The IP source address is the field named "ip.src" or "ipv6.src", and the IP destination address is the field named "ip.dst" or "ipv6.dst".  The host name in the "Host:" header is the field named "http.host" (*IF* the packet has a "Host:" header).
___________________________________________________________________________
I'm sorry. I think I didn't express my meaning correctly.
In fact, I want to program to filter some certain URL or IP address in the packet but not the header, just as when we use a proxy to access a web, the real URL is not in the header, but in the packet.
And when I find the tvb->real_data may be the payload, and I use gdb to print (command: "print tvb->real_data"), then I get a string shown on the terminal:

"const guint8 *) 0x8b53042 "GET http://www.baidu.com/ HTTP/1.1\r\nHost:
www.baidu.com\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.9.2.11) Gecko/20101013 Linux Mint/9 (Isadora)
Firefox/3.6.11\r\nAccept: text/html,applic"...

We can see the "www.baidu.com" displayed. And the string "www.baidu.com" is just what I need, I mean by programming. As long as I get the string "www.baidu.com", then I can program to do some matching work with some data in the database.

At first, I thought "tvb->real_data" is just a string. So I want to print this string to do a test if I can get the result as the gdb print by using "printf("%s/n",tvb->real_data);" in the function dissect_http. But I failed.

So now, I don't know how to use tvb->real_data to get the URL just as gdb prints "GET http://www.baidu.com........". But now that gdb can print "tvb->real_data" as a string or a printable text on the terminal, I think I should fetch the data in "tvb->real_data" just as the gdb print. As long as I get the string just as the gdb print "GET http://www.baidu.com ...................." I can filter the URL "www.baidu.com" then do the matching work with the data in the database.

I think I express my meaning clearly.

So what should I do to fetch the data in the "tvb->real_data" by programming just as the gdb print like a string? And then I can do the filtering and matching work.

Thank you very much
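
An added example, not part of the original message and not Wireshark code: packet payload is a byte range with an explicit length, not a NUL-terminated C string, so this standalone C program prints it and pulls the host out of a proxy-style request line using only length-bounded operations. The names `find_bytes` and `extract_proxy_host` and the sample buffer are hypothetical and constructed for illustration; it uses no Wireshark API.

```c
#include <stdio.h>
#include <string.h>

/* Bounded search: look for needle only inside buf[0..len), never past it. */
static const unsigned char *find_bytes(const unsigned char *buf, size_t len,
                                       const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n > 0 && i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return buf + i;
    return NULL;
}

/* Copy the host of a proxy-style request line ("GET http://host/ HTTP/1.1")
 * into out. Returns the host length, or -1 if absent or too long for out. */
int extract_proxy_host(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    const unsigned char *eol = find_bytes(buf, len, "\r\n");
    const unsigned char *line_end = eol ? eol : buf + len;
    const unsigned char *p = find_bytes(buf, (size_t)(line_end - buf), "://");
    if (p == NULL)
        return -1;
    p += 3;                                   /* first byte of the host */
    const unsigned char *q = p;
    while (q < line_end && *q != '/' && *q != ':' && *q != ' ')
        q++;                                  /* host ends at path, port or space */
    size_t hlen = (size_t)(q - p);
    if (hlen == 0 || hlen >= outsz)
        return -1;
    memcpy(out, p, hlen);
    out[hlen] = '\0';                         /* terminate our own copy */
    return (int)hlen;
}

/* Constructed sample: the request from the post, followed by four bytes that
 * stand in for unrelated memory after the captured payload. */
static const unsigned char sample[] =
    "GET http://www.baidu.com/ HTTP/1.1\r\nHost: www.baidu.com\r\n\r\nXXXX";
#define SAMPLE_PAYLOAD_LEN (sizeof sample - 1 - 4)

int main(void)
{
    char host[64];
    printf("%.*s", (int)SAMPLE_PAYLOAD_LEN, (const char *)sample); /* bounded print */
    if (extract_proxy_host(sample, SAMPLE_PAYLOAD_LEN, host, sizeof host) > 0)
        printf("host: %s\n", host);
    return 0;
}
```

The extracted copy is an ordinary C string, so it can be passed to string-matching or database lookup code without touching the original packet bytes.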