Hello Abhik,

I am not using any SVN version. I downloaded the tarball source code of Wireshark and built it under Linux (Ubuntu 6.06).
When I build Wireshark (using the make command), it displays the following at the end:

Version configuration file version.conf not found. Using defaults.
This is not a SVN build.

Yes, I see subject, date, from and to when I follow the TCP stream, after the DATA command.

Thank you in advance.

With Best Regards,

On Mon, Jun 16, 2008 at 6:20 AM, Abhik Sarkar <[EMAIL PROTECTED]> wrote:
> Hi Goitom,
>
> Have you tried the latest development version... I noticed some
> differences in the behaviour of the IMF dissector between the stable
> version 1.0.0 and the SVN version.
>
> Also, when you follow TCP stream, do you see the subject, date etc
> immediately after the DATA command?
>
> Regards,
> Abhik.
>
> On Sat, Jun 14, 2008 at 11:45 AM, goitom kahsay <[EMAIL PROTECTED]>
> wrote:
> > Dear Abhik,
> >
> > I really appreciate your help.
> >
> > I am using Wireshark version 1.0.0.
> >
> > I checked preferences->protocols->SMTP:
> >
> > Both "Reassemble SMTP command and response lines spanning multiple TCP
> > segments" and "Reassemble SMTP DATA commands spanning multiple TCP
> > segments" are enabled.
> >
> > Both view->colorize packet list and view->coloring rules are also
> > enabled.
> >
> > If I open the sample-imf.pcap, I see IMF layer data in frame 69, and I
> > also opened other sample files. But I do not see IMF on some of the
> > sample files. I also checked these files using the following commands.
> >
> > 1. $ tshark -r smtp.pcap -e imf.from -e imf.to -e imf.subject -T fields
> >    But I could not see any of the parameters.
> >
> > 2. $ tshark -V -r smtp.pcap | egrep "Subject:|From:|To:|Date:"
> >    The parameters displayed.
> >
> > 3. Using FOLLOW TCP STREAM the parameters displayed.
> >
> > What do you think is the reason for not displaying IMF on all the sample
> > files? Or do you think the sample files may have any problem?
> >
> > Thank you in advance,
> >
> > With Best Regards,
> >
> >
> > On Thu, Jun 12, 2008 at 10:12 AM, Abhik Sarkar <[EMAIL PROTECTED]>
> > wrote:
> >>
> >> Dear Goitom,
> >>
> >> My understanding is that SMTP (http://www.ietf.org/rfc/rfc2821.txt) is
> >> only the envelope and the fields you are looking for are in IMF
> >> (http://www.ietf.org/rfc/rfc2822.txt). Also see,
> >> http://wiki.wireshark.org/IMF.
> >>
> >> So, in general, if I am looking for these fields in particular, I
> >> would expect to find them in the message and not on the envelope :-)
> >>
> >> If I am mistaken, I am sure someone will correct me.
> >>
> >> Regards,
> >> Abhik.
> >>
> >> On Thu, Jun 12, 2008 at 11:04 AM, goitom kahsay <[EMAIL PROTECTED]>
> >> wrote:
> >> > Dear Abhik,
> >> >
> >> > Thank you very much for your help.
> >> >
> >> > But do you think an IMF packet always exists in all SMTP
> >> > conversations? Because I need to extract these parameters from all
> >> > SMTP email communications.
> >> >
> >> >
> >> > Thank you in advance.
> >> >
> >> > with best regards,
> >> >
> >> >
> >> > On Wed, Jun 11, 2008 at 11:19 PM, Abhik Sarkar <[EMAIL PROTECTED]>
> >> > wrote:
> >> >>
> >> >> Hi Goitom,
> >> >>
> >> >> I am not sure if you still have two requirements as you had earlier
> >> >> (one for extraction of the from, to, subject and date fields and one
> >> >> for display of these in a separate dialog), but as I have suggested
> >> >> before, I think you are better off using the IMF dissector instead of
> >> >> the SMTP dissector. The IMF dissector supports extraction of all these
> >> >> fields already.
> >> >>
> >> >> So, if you want to setup the tap, I think you are better off tapping
> >> >> IMF. I think the best place would be in the "while(!last_field)" loop
> >> >> in the dissect_imf function of epan/packet-imf.c.
> >> >> Just compare the
> >> >> value of "key" against "from", "to", "subject" and "date" (after the
> >> >> part the key has been converted to lower case) and you are on your
> >> >> way!
> >> >>
> >> >> If you want to display the records in a dialog, you will probably want
> >> >> to base the dialog off the expert infos dialog (Analyze > Expert
> >> >> Info). You can have columns for Frame number, From, To, Subject and
> >> >> Date. Or, as I have suggested before, you can use the custom columns
> >> >> feature (see the attached screenshot with a sample file from the WS
> >> >> wiki).
> >> >>
> >> >> Unless you have some very specific requirements, I think the above
> >> >> should work for you. I honestly hope this is of some help.
> >> >>
> >> >> Good luck!
> >> >> Abhik
> >> >> PS: While researching this, I came across a bug
> >> >> (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2595) in the SMTP
> >> >> dissector, so be sure to have your coloring rules turned on.
> >> >>
> >> >> On Tue, Jun 10, 2008 at 9:54 PM, goitom kahsay <[EMAIL PROTECTED]>
> >> >> wrote:
> >> >> > Dear Steve,
> >> >> >
> >> >> > Thank you very much for your help.
> >> >> > Yes, I created gtk/export_object_smtp.c, gtk/export_object2.c,
> >> >> > export_object2.h and packet-smtp.h similar to
> >> >> > gtk/export_object_http.c, gtk/export_object.c, export_object.h and
> >> >> > packet-http.h, and it displays some unreadable characters.
> >> >> >
> >> >> > But I doubt about retrieving the parameters from the
> >> >> > packet-smtp.c (dissect_smtp_data) function which is used to display
> >> >> > the data line by line to the protocol tree. Do you think it is
> >> >> > possible to retrieve these values from that function using tap
> >> >> > mechanism?
> >> >> >
> >> >> > Thank you in advance.
> >> >> > with best regards,
> >> >> >
> >> >> > On Mon, Jun 9, 2008 at 9:10 PM, Stephen Fisher
> >> >> > <[EMAIL PROTECTED]>
> >> >> > wrote:
> >> >> >>
> >> >> >> On Fri, Jun 06, 2008 at 09:03:43PM +0300, goitom kahsay wrote:
> >> >> >>
> >> >> >> > I retrieved the parameters from the packet-smtp.c
> >> >> >> > /dissect_smtp_data function which is used to display the
> >> >> >> > data line by line at the protocol tree. I used a tap
> >> >> >> > mechanism as follows.
> >> >> >>
> >> >> >> > But the content of the parameter does not display on the GUI.
> >> >> >> > Please can you help me with any idea how to solve this problem.
> >> >> >>
> >> >> >> Did you also create a gtk/export_object_smtp.c similar to
> >> >> >> gtk/export_object_http.c and also add the new functions in
> >> >> >> export_object_smtp.c to the File - Export - Objects menu as "SMTP"?
> >> >> >>
> >> >> >>
> >> >> >> Steve
> >> >> >>
> >> >> >> _______________________________________________
> >> >> >> Wireshark-dev mailing list
> >> >> >> [email protected]
> >> >> >> https://wireshark.org/mailman/listinfo/wireshark-dev
> >> >> >
> >> >> > --
> >> >> > Benice2all
> >> >
> >> > --
> >> > Benice2all
> >
> > --
> > Benice2all

--
Benice2all
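
The envelope/message split discussed in this thread, as an added example that is not part of the original messages and is not Wireshark code: it walks a reassembled client-side SMTP stream, keeps the envelope commands apart from the IMF message that follows DATA, and picks out From, To, Subject and Date by lower-cased key. The function names and the sample stream are constructed for illustration.

```python
import re

WANTED = ("from", "to", "subject", "date")
# Constructed sample: client side of one SMTP session, as Follow TCP Stream shows it.
SAMPLE_STREAM = (
    b"MAIL FROM:<bounce@mailer.example>\r\n"
    b"RCPT TO:<bob@example.org>\r\n"
    b"DATA\r\n"
    b"From: Alice <alice@example.com>\r\n"
    b"To: bob@example.org\r\n"
    b"Subject: quarterly\r\n"
    b" report\r\n"
    b"Date: Mon, 16 Jun 2008 06:20:00 +0300\r\n"
    b"\r\n"
    b"..a body line that began with a dot\r\n"
    b".\r\n"
    b"QUIT\r\n"
)

def split_session(stream):
    """Return (envelope, message_lines): SMTP commands vs. the IMF message after DATA."""
    envelope, message, in_data = {"MAIL FROM": [], "RCPT TO": []}, [], False
    for line in stream.split(b"\r\n"):
        if in_data and line == b".":              # a lone dot ends the message
            in_data = False
        elif in_data:                             # undo SMTP dot-stuffing
            message.append(line[1:] if line.startswith(b".") else line)
        elif line.upper() == b"DATA":
            in_data = True
        elif m := re.match(rb"(MAIL FROM|RCPT TO):\s*<([^>]*)>", line, re.I):
            envelope[m.group(1).upper().decode()].append(m.group(2).decode())
    return envelope, message

def imf_fields(message):
    """Walk header lines to the first blank line; lower-case each key, keep WANTED."""
    fields, key = {}, None
    for raw in message:
        if raw == b"":                            # blank line: headers end, body starts
            break
        text = raw.decode("latin-1")
        if text[0] in " \t" and key:              # folded continuation of previous field
            fields[key] += " " + text.strip()
        elif text[0] not in " \t":
            name, _, value = text.partition(":")
            key = name.strip().lower()
            fields[key] = value.strip()
    return {k: v for k, v in fields.items() if k in WANTED}
```

On the sample, the envelope sender and the From header differ, which is why the envelope alone cannot supply the fields asked about in the thread.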
