Wireshark debug: where is packet data stored?

asked 2019-07-10 06:43:12 +0000

JustPlayin

I am currently debugging Wireshark to find out the field in which the SSH packet data is stored. I have my breakpoint in the function:

ssh_dissect_ssh2(tvbuff_t *tvb, packet_info *pinfo, struct ssh_flow_data *global_data, int offset, proto_tree *tree, int is_response, gboolean *need_desegmentation)

Can one of you tell me where the data is stored? I cannot find it...

1 Answer

answered 2019-07-10 08:53:12 +0000

grahamb

In the structure pointed to by tvb.


Thanks grahamb. Is it somehow possible to access the fields of this structure? When I try, I get an error that the size of the struct is unknown...

Edit: It seems like I found how to access the fields using the functions provided by tvbuff.c. @grahamb maybe you can tell me what the best way is to find out the needed offset to get the real_data using the method tvb_memcpy?

JustPlayin ( 2019-07-11 06:21:50 +0000 )

Offset to what? The data in the tvb contains the rest of the packet after the previous dissectors have processed their part of the packet, i.e. each dissector starts processing at offset 0.

grahamb ( 2019-07-11 09:50:47 +0000 )

Offset to the real_data field.

JustPlayin ( 2019-07-11 10:28:08 +0000 )

I think we're mis-communicating here. The offset parameter of tvb_memcpy() indicates how far into the data you want the copy to start from, so use 0 for the start of data for the current dissector.

grahamb ( 2019-07-11 10:36:43 +0000 )

And as the size, do I take the size of the struct? So sizeof(tvb)?

JustPlayin ( 2019-07-12 08:09:27 +0000 )
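The buffer model discussed in this thread, as an added example that is not part of the original posts and is not Wireshark code: `mini_tvb` and its helpers are hypothetical stand-ins for the opaque `tvbuff_t` and its accessors such as `tvb_memcpy()`. It shows each dissector's view starting at offset 0 and the copy length coming from the number of bytes in the view (in Wireshark, `tvb_captured_length_remaining()` reports that), since `sizeof` on the handle yields only a pointer size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the opaque tvbuff_t: a bounded view onto packet bytes. */
typedef struct {
    const uint8_t *data;  /* first byte this dissector may see (its offset 0) */
    size_t length;        /* captured bytes available from that point */
} mini_tvb;

/* Bytes left from offset to the end of the view, or 0 if offset is out of range. */
size_t mini_tvb_remaining(const mini_tvb *tvb, size_t offset) {
    return offset <= tvb->length ? tvb->length - offset : 0;
}

/* View handed to the next dissector: its offset 0 is the parent's offset `consumed`. */
mini_tvb mini_tvb_subset(const mini_tvb *parent, size_t consumed) {
    mini_tvb sub = { NULL, 0 };
    if (consumed > parent->length) return sub;
    sub.data = parent->data + consumed;
    sub.length = parent->length - consumed;
    return sub;
}

/* Bounds-checked copy; returns 0 on success, -1 if the range leaves the view. */
int mini_tvb_memcpy(const mini_tvb *tvb, void *target, size_t offset, size_t length) {
    if (offset > tvb->length || length > tvb->length - offset) return -1;
    if (length) memcpy(target, tvb->data + offset, length);
    return 0;
}

/* Constructed sample: 4 bytes of lower-layer header, then an SSH identification string. */
static const uint8_t frame[] = { 0xde, 0xad, 0xbe, 0xef,
    'S','S','H','-','2','.','0','-','d','e','m','o','\r','\n' };

/* Copies everything the "SSH dissector" sees into out; returns bytes copied, 0 on failure. */
size_t copy_ssh_payload(uint8_t *out, size_t out_size) {
    mini_tvb whole = { frame, sizeof frame };
    mini_tvb ssh = mini_tvb_subset(&whole, 4);   /* lower layer consumed 4 bytes */
    size_t n = mini_tvb_remaining(&ssh, 0);      /* byte count, not sizeof(handle) */
    if (n > out_size || mini_tvb_memcpy(&ssh, out, 0, n) != 0) return 0;
    return n;
}

int main(void) {
    uint8_t buf[64];
    printf("copied %zu bytes\n", copy_ssh_payload(buf, sizeof buf));
    return 0;
}
```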


Asked: 2019-07-10 06:43:12 +0000

Seen: 105 times

Last updated: Jul 10 '19