Re: [Wireshark-dev] I want to print the string tvb->real_data on the ubuntu terminal

Tue, 26 Oct 2010 19:28:17 -0700 

于 2010年10月27日 01:25, Guy Harris 写道:
> On Oct 26, 2010, at 7:43 AM, 刘昆 wrote:
>
>    
>> In fact,I want to program to filter some certain URL or IP address in the 
>> packet but not the header just as when we use proxy to access a web ,the 
>> real URL is not in the header,but in the packet.
>> And  when I find the tvb->real_data maybe the payload,and I use gdb to print 
>> (command:"print tvb->real_data") ,then I get a string showed on the terminal
>>
>> "const guint8 *) 0x8b53042 "GET http://www.baidu.com/ HTTP/1.1\r\nHost:
>> www.baidu.com\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
>> rv:1.9.2.11) Gecko/20101013 Linux Mint/9 (Isadora)
>> Firefox/3.6.11\r\nAccept: text/html,applic"...
>>
>> We can see the "www.baidu.com" displayed. And the string "www.baidu.com" is 
>> just I need,
>>      
> We can see it twice - once in the URI, and once in the Host: header.
>
> Where are you putting the code?  If you're doing this with a tap, the tap 
> listener gets passed a structure with two "char *" members, one of which, if 
> not null, points to the URI for the request, and the other of which, if not 
> null, points to the host from the Host: header.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list<[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>               mailto:[email protected]?subject=unsubscribe
In fact I want add some codes base on wireshark.Now,I think I could add 
the codes in packet-http.c:dissect_http .I want process the string 
including "GET www.baidu.cocm..........." when wireshark dissect http 
protocol.All I want to know is just how to process the tvb->real_data to 
fetch the string just like gdb print

"const guint8 *) 0x8b53042 "GET http://www.baidu.com/ HTTP/1.1\r\nHost:
www.baidu.com\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.9.2.11) Gecko/20101013 Linux Mint/9 (Isadora)
Firefox/3.6.11\r\nAccept: text/html,applic"...




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe

Reply via email to