Wireshark-dev: Re: [Wireshark-dev] [Wireshark] Reach Data

From: philippe alarcon <philippe.alarcon@xxxxxxx>
Date: Wed, 10 Jun 2009 15:13:39 +0200
Hello remy,

You will find here attached a dissector I have rapidly developed
that may help you to collect the data you want to dissect.

The dissector (named uniz) has the following behaviour:
once you have loaded a trace file,
each time you focus on a packet by clicking on it,
the dissector creates a text file and stores the data inside.
The name of the created text file is the number of the frame.
The data are stored with 16 bytes per line.

In order to use the dissector, copy uniz.dll into the plugins directory under the Wireshark directory tree.
For example: C:\Program Files\Wireshark\plugins\1.1.2

I have tested it with another port number
because I have no trace file with your UDP packets
and UDP port numbers 1151 and 6155.

I have attached the source of the dissector.
So you can change it as you want.

Regards
Philippe




> Date: Wed, 10 Jun 2009 13:35:53 +0200
> From: Remy.POINTEAU@xxxxxxxxxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] [Wireshark] Reach Data
>
> The aim of my project is to dissect the data.
> In an XML file, some definitions of structure are listed (of the data part). So, my program has to collect the data field, compare it to the structure and create a tree view.
> The aim is to dissect the data to find quickly the information in the data. In the first screenshot I gave you,
> we can see: data:
> 36 34 30 33 38 36 34 37 36 34 30 33 32 30 34 38 34 36 34 32 30 30 31 36
>
> In my program I want to dissect it to obtain :
> id : 36 34 30 33
> value : 38
> ...
> I give you a screen shot of my result.
>
> Thank you for your help
>
> Rémy
>
>
>
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of Guy Harris
> Sent: Wednesday, 10 June 2009 11:53
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] [Wireshark] Reach Data
>
>
>
> On Jun 10, 2009, at 2:01 AM, POINTEAU Remy wrote:
>
> > So, if I want just the data, I need to dissect all the packet again?
>
> Either you need to dissect the packet yourself or get a Wireshark
> protocol tree for the packet and extract that field.
>
> > In the example I give you, in the tree view, we can see a branch
> > named "data", do you know where I can find the source for this
> > implementation (the source file)?
> >
> > because if I find it, I'll just have to catch the value and send it
> > to my program.
>
> So what *exactly* are you doing here?
>
> Are you adding code to Wireshark, writing your own program using
> libwireshark, or what?



Attachment: uniz.7z
Description: application/7z-compressed
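
The two steps discussed in this thread, as an added example in stand-alone C (this is not the uniz source from the attachment and uses no Wireshark API): format a payload 16 bytes per line, then slice it by a structure definition without reading past the end of a short packet. The `struct field` type and the function names are hypothetical; only the sample bytes and the "id" (4 bytes) / "value" (1 byte) split come from the messages above.

```c
#include <stdio.h>
#include <stddef.h>

/* Payload bytes quoted in the thread (24 bytes). */
static const unsigned char SAMPLE[] = {
    0x36,0x34,0x30,0x33,0x38,0x36,0x34,0x37,0x36,0x34,0x30,0x33,
    0x32,0x30,0x34,0x38,0x34,0x36,0x34,0x32,0x30,0x30,0x31,0x36 };

/* One entry of a structure definition (hypothetical; stands in for the XML file). */
struct field { const char *name; size_t len; };
/* Only these two fields are given in the thread; the rest is elided there. */
static const struct field LAYOUT[] = { { "id", 4 }, { "value", 1 } };

/* Format data as hex, 16 bytes per line. Returns the line count, -1 if out is too small. */
int hex_dump(const unsigned char *data, size_t len, char *out, size_t cap)
{
    size_t pos = 0;
    int lines = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < len; i++) {
        int last = (i % 16 == 15) || (i + 1 == len);
        if (cap - pos < 4) return -1;            /* "xx", separator, NUL */
        pos += (size_t)snprintf(out + pos, cap - pos, "%02x%c",
                                data[i], last ? '\n' : ' ');
        lines += last;
    }
    return lines;
}

/* Record each field's offset; stop at the first field the payload is too short for. */
size_t split_fields(size_t len, const struct field *layout, size_t nfields, size_t *offsets)
{
    size_t off = 0, n = 0;
    for (; n < nfields; n++) {
        if (layout[n].len > len - off) break;    /* truncated packet: do not over-read */
        offsets[n] = off;
        off += layout[n].len;
    }
    return n;
}

int main(void)
{
    char text[128];
    size_t offs[2];
    if (hex_dump(SAMPLE, sizeof SAMPLE, text, sizeof text) > 0) fputs(text, stdout);
    size_t n = split_fields(sizeof SAMPLE, LAYOUT, 2, offs);
    for (size_t f = 0; f < n; f++) {
        printf("%s :", LAYOUT[f].name);
        for (size_t b = 0; b < LAYOUT[f].len; b++) printf(" %02x", SAMPLE[offs[f] + b]);
        putchar('\n');
    }
    return 0;
}
```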