Wireshark-dev: Re: [Wireshark-dev] SMTP: Extracting parametrs

From: "goitom kahsay" <goitom.mit2@xxxxxxxxx>
Date: Thu, 12 Jun 2008 00:04:33 -0700
Dear Abhik,

Thank you very much for your help.

But, do you think an IMF packet always exists in all SMTP conversations? Because I need to extract these parameters from all SMTP email communications.


Thank you in advance.

With best regards,


On Wed, Jun 11, 2008 at 11:19 PM, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:
Hi Goitom,

I am not sure if you still have two requirements as you had earlier
(one for extraction of the from, to, subject and date fields and one
for display of these in a separate dialog), but as I have suggested
before, I think you are better off using the IMF dissector instead of
the SMTP dissector. The IMF dissector supports extraction of all these
fields already.

So, if you want to set up the tap, I think you are better off tapping
IMF. I think the best place would be in the "while(!last_field)" loop
in the dissect_imf function of epan/packet-imf.c. Just compare the
value of "key" against "from", "to", "subject" and "date" (after the
key has been converted to lower case) and you are on your
way!

If you want to display the records in a dialog, you will probably want
to base the dialog off the expert infos dialog (Analyze > Expert
Info). You can have columns for Frame number, From, To, Subject and
Date. Or, as I have suggested before, you can use the custom columns
feature (see the attached screenshot with a sample file from the WS
wiki).

Unless you have some very specific requirements, I think the above
should work for you. I honestly hope this is of some help.

Good luck!
Abhik
PS: While researching this, I came across a bug
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2595) in the SMTP
dissector, so be sure to have your coloring rules turned on.

On Tue, Jun 10, 2008 at 9:54 PM, goitom kahsay <goitom.mit2@xxxxxxxxx> wrote:
> Dear Steve,
>
> Thank you very much for your help.
> Yes, I created gtk/export_object_smtp.c, gtk/export_object2.c,
> export_object2.h and packet-smtp.h similar to gtk/export_object_http.c,
> gtk/export_object.c, export_object.h and packet-http.h, and it displays
> some unreadable characters.
>
> But I have doubts about retrieving the parameters from the
> packet-smtp.c (dissect_smtp_data) function which is used to display the data
> line by line in the protocol tree. Do you think it is possible to retrieve
> these values from that function using the tap mechanism?
>
> Thank you in advance.
> With best regards,
>
> On Mon, Jun 9, 2008 at 9:10 PM, Stephen Fisher <stephentfisher@xxxxxxxxx>
> wrote:
>>
>> On Fri, Jun 06, 2008 at 09:03:43PM +0300, goitom kahsay wrote:
>>
>> > I retrieved the parameters from the packet-smtp.c / dissect_smtp_data
>> > function which is used to display the data line by line in the protocol
>> > tree. I used a tap mechanism as follows.
>>
>> > But the content of the parameter does not display on the GUI. Please,
>> > can you help me with any idea how to solve this problem?
>>
>> Did you also create a gtk/export_object_smtp.c similar to
>> gtk/export_object_http.c and also add the new functions in
>> export_object_smtp.c to the File - Export - Objects menu as "SMTP"?
>>
>>
>> Steve
>>
>> _______________________________________________
>> Wireshark-dev mailing list
>> Wireshark-dev@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-dev
>
>
>
> --
> Benice2all
>
>

--
Benice2all
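Abhik's suggestion above (compare the lower-cased "key" of each header field against from, to, subject and date inside the IMF header loop) comes down to the header walk below. This is an added, stand-alone C example written for this page, not code from Wireshark's epan/packet-imf.c or from anyone in the thread; the names struct imf_fields, key_is, set_value, imf_extract and imf_sample are chosen here, and the sample message is constructed. It also handles the folded header case, which a line-by-line view of the SMTP data stream shows as two separate lines.

```c
#include <ctype.h>
#include <string.h>
#define FIELD_MAX 128                 /* longest header value we keep (bytes) */
struct imf_fields { char from[FIELD_MAX], to[FIELD_MAX], subject[FIELD_MAX], date[FIELD_MAX]; };

/* Case-insensitive key match: the "lower-case the key, then compare" step from the thread. */
static int key_is(const char *key, size_t n, const char *name)
{
    if (strlen(name) != n) return 0;
    while (n--) if (tolower((unsigned char)*key++) != (unsigned char)*name++) return 0;
    return 1;
}

/* Copy a value: skip leading WSP, drop CR/LF of folded lines (RFC 2822 unfolding), trim end. */
static void set_value(char *dst, const char *src, size_t n)
{
    size_t o = 0;
    for (size_t i = 0; i < n && o < FIELD_MAX - 1; i++)        /* truncates silently */
        if (src[i] != '\r' && src[i] != '\n' && !(o == 0 && (src[i] == ' ' || src[i] == '\t')))
            dst[o++] = src[i];
    while (o && (dst[o - 1] == ' ' || dst[o - 1] == '\t')) o--;
    dst[o] = '\0';
}

/* Walk the header block (up to the first empty line); returns the number of fields seen. */
int imf_extract(const char *msg, struct imf_fields *out)
{
    int count = 0; const char *p = msg;
    memset(out, 0, sizeof *out);
    while (*p && *p != '\r' && *p != '\n') {
        const char *end = p;                         /* advance past folded lines */
        do {
            const char *nl = strchr(end, '\n');
            end = nl ? nl + 1 : end + strlen(end);
        } while (*end == ' ' || *end == '\t');
        const char *colon = memchr(p, ':', (size_t)(end - p));
        if (!colon) { p = end; continue; }           /* malformed line: skip it */
        size_t klen = (size_t)(colon - p), vlen = (size_t)(end - colon - 1);
        count++;
        if (key_is(p, klen, "from"))         set_value(out->from, colon + 1, vlen);
        else if (key_is(p, klen, "to"))      set_value(out->to, colon + 1, vlen);
        else if (key_is(p, klen, "subject")) set_value(out->subject, colon + 1, vlen);
        else if (key_is(p, klen, "date"))    set_value(out->date, colon + 1, vlen);
        p = end;
    }
    return count;
}
/* Constructed sample (not from a capture): upper-case key, folded Subject, a header to ignore. */
const char *imf_sample = "Received: from mx.example.test\r\nFROM: Alice <alice@example.test>\r\n"
    "To: Bob <bob@example.test>\r\nSubject: quarterly\r\n report\r\nDate: Thu, 12 Jun 2008 00:04:33 -0700\r\n\r\nBody text.\r\n";
```

A message whose DATA phase never carries a header block (imf_extract returns 0) is exactly the case Goitom asks about: the four fields simply stay empty, so a tap has to cope with SMTP conversations that yield no IMF record.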