Wireshark-dev: Re: [Wireshark-dev] how does the wireshark print the contents of the packets
On Wed, 15 Sep 2010 22:34:41 +0800, 刘昆 <liukunmeister@xxxxxxxxx> wrote:
> On 2010-09-15 19:13, Jaap Keuter wrote:
>> Hi,
>>
>> You'll find an interface between the wiretap library providing input
>> and the dissection engine in epan/packet.c:dissect_packet(). Here the
>> packet data is encapsulated in a TVB and presented to the top level
>> dissector.
>>
>> Thanks,
>> Jaap
>>
>> On Wed, 15 Sep 2010 15:17:51 +0800, 刘昆<liukunmeister@xxxxxxxxx> wrote:
>>
>>> If I want to understand how Wireshark prints the contents of the
>>> packets, just as in the table at the bottom of the Wireshark GUI, which
>>> files should I read? In fact, I just want to find the array which
>>> saves the data of the packet Wireshark has captured so that I can do some
>>> work with the data. As for the HTTP protocol, should I read the file
>>> packet-http.c under the directory wireshark/epan/dissectors or other files?
>>>
> I have read epan/packet.c:dissect_packet(). However, I am still not
> very clear about where the data is. Do you mean that edt->tvb saves the
> packet data?
Hi,
Indeed edt->tvb is the object containing your packet data, to be
accessed through its interface functions.
Thanks,
Jaap