Wireshark-dev: [Wireshark-dev] How does wireshark extract the name of file from filehandle?
From: "Tayade, Nilesh" <Nilesh.Tayade@xxxxxxxxxxxx>
Date: Mon, 13 Sep 2010 03:35:38 -0400
Hi,

I seek some help on getting the filename/directory name from filehandle.
I am working on parsing the NFS protocol packet. I can see in some of
the packet captures in wireshark - the filename is displayed in the
packet analysis window. But in actual byte stream the filename is NOT
present (it just shows the file handle). Could someone please help
understand how it extracts the name from filehandle?
Attached is the screenshot of packet, highlighting the temp_dir name.

Byte stream:
0000  00 30 48 bd 8b 4c 00 30  48 d6 7b 16 08 00 45 00   .0H..L.0
H.{...E.
0010  00 b4 ea 42 40 00 40 06  53 bb c0 a8 3d 44 c0 a8   ...B@.@.
S...=D..
0020  3d b1 03 ef 08 01 28 10  8d 57 ba fc 4b 7b 80 18   =.....(.
.W..K{..
0030  01 f5 fc ec 00 00 01 01  08 0a 23 fd 71 76 28 8d   ........
..#.qv(.
0040  66 e8 80 00 00 7c 4e 56  ff 6b 00 00 00 00 00 00   f....|NV
.k......
0050  00 02 00 01 86 a3 00 00  00 03 00 00 00 04 00 00   ........
........
0060  00 01 00 00 00 38 00 09  36 a4 00 00 00 06 57 42   .....8..
6.....WB
0070  32 2d 36 38 00 00 00 00  00 00 00 00 00 00 00 00   2-68....
........
0080  00 07 00 00 00 00 00 00  00 01 00 00 00 02 00 00   ........
........
0090  00 03 00 00 00 04 00 00  00 06 00 00 00 0a 00 00   ........
........
00a0  00 00 00 00 00 00 00 00  00 14 01 00 00 01 00 08   ........
........
00b0  00 13 ef 68 66 00 03 f6  27 00 38 ec fc 13 00 00   ...hf...
'.8.....
00c0  00 1f                                              ..


P.S. Please include my email ID in the reply, as I am not subscribed to
the list.

--
Thanks,
Nilesh
x46222
Yahoo IM: nilesh_tayade85

Attachment: nfs_packet.JPG
Description: nfs_packet.JPG