Wireshark · Wireshark-dev: Re: [Wireshark-dev] where can I find the ip src address in packet-http.c

[Richard Sharpe <realrichardsharpe@xxxxxxxxx>]

On Mon, Dec 6, 2010 at 11:04 PM, 刘昆 <liukunmeister@xxxxxxxxx> wrote:
> 于 2010年12月07日 11:56, Guy Harris 写道:
>
> On Dec 6, 2010, at 7:48 PM, 刘昆 wrote:
>
> I have solve this problem about get ip address.However there is
> another question,When I print the ip address I notice there are two
> ip addresses I get.
>
> Yes, there are two IP addresses in every IP packet - the source address,
> pinfo->src, and the destination address, pinfo->dst.  pinfo->src has only
> one IP address, and pinfo->dot has only one IP address.
>
> I think this because there are two kinds of packet in or out.So how to judge
> a packet is in or out ?
>
> What do you mean by "in" and "out"?  For HTTP traffic, you usually have
> traffic going from the client (for example, a browser) to the server, and
> traffic going from the server to the client.  You would have to look at
> whether the packet is an HTTP request (which goes from the client to the
> server) or an HTTP reply (which goes from the server to the client) to
> determine in which direction the packet is going.
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> Yes,this is what exactly I mean.  So how should I judge a packet is a
> request or reply in packet-http.c?

Ummm, in request the dst port is 80, in a reply the src port is 80.
This is basic TCP/IP stuff.

-- 
Regards,
Richard Sharpe