Hi,

I would know how to extract a string from a packet, manipulate it and display it easily using the wireshark API.

My string has a lenght of 10, I need to put a comma between the 6th and 7th characters and display it in the tree.

asked 03 Apr '11, 12:42

chronidev's gravatar image

chronidev
11557
accept rate: 0%

edited 03 Apr '11, 12:42


There's probably a cleaner way to do this, but this is a quick-and-dirty way to accomplish adding these things to the tree as a single string.

proto_item_append_text(item, "%s,%s,%s",
    tvb_get_ephemeral_string(tvb, offset, 6),     /*before the commas */
    tvb_get_ephemeral_string(tvb, offset + 6, 1), /*between the commas */
    tvb_get_ephemeral_string(tvb, offset + 7, 3)) /*after the commas to the end */

If you need to be able to filter one these strings, you'll need to do this differently, obviously, but for now, using tvb_get_ephemeral_string lets you ignore the strings after the call since the data will be copied into the tree, and the buffers will be automatically freed after dissecting the packet has finished. Since you know the length of the string, there's no need to use tvb_get_*_stringz, since those functions are dangerous (there's no guarantee the NULL was sent correctly with the rest of the packet).

These functions are documented in epan/proto.h (proto_item_append_text) and epan/tvbuff.h (tvb_*). If you need a different method of doing this, you should check those files for different functions that might satisfy your requirements.

link

answered 05 Apr '11, 07:12

multipleinterfaces's gravatar image

multipleinte...
1.2k91534
accept rate: 12%

edited 05 Apr '11, 14:08

Guy%20Harris's gravatar image

Guy Harris ♦♦
11.6k227146

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×335
×120

Asked: 03 Apr '11, 12:42

Seen: 2,542 times

Last updated: 05 Apr '11, 14:08

powered by OSQA