Wireshark-users: Re: [Wireshark-users] Export Objects HTTP 2

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Fri, 22 Feb 2008 17:52:55 -0700

On Fri, Feb 22, 2008 at 08:02:54AM +0300, ms-design@xxxxxxx wrote:

> Tell, why not all content type saves export-> object-> HTTP???? mp3 
> Does not save???

All HTTP content with a content-type and payload is presented in the 
export object window.  Sometimes, especially on Windows, certain 
filenames cannot be saved due to them having invalid characters in them.  
Do you see the file that isn't saving in the export object list?
 
> It is possible, you to ask, in to describe how and where analysis 
> object HTTP becomes? I have not found where there is analysis JPG, 
> GIF, mp3 etc.??

The way the export object feature for HTTP works is that it runs as a 
tap in the HTTP dissector that saves the HTTP hostname, URI filename, 
content type header and then the actual payload data and length:

    /* Save values for the Export Object GUI feature if we have
     * an active listener to process it (which happens when
     * the export object window is open). */
    if(have_tap_listener(http_eo_tap)) {
            eo_info = ep_alloc(sizeof(http_eo_t));

            eo_info->hostname = conv_data->http_host;
            eo_info->filename = conv_data->request_uri;
            eo_info->content_type = headers.content_type;
            eo_info->payload_len = next_tvb->length;
            eo_info->payload_data = next_tvb->real_data;

            tap_queue_packet(http_eo_tap, pinfo, eo_info);
    }

This data is then gathered by the gtk/export_object_http.c code and fed 
into gtk/export_object.c code for the actual GUI display.


Steve
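
Added example (not part of the original message and not Wireshark's code): because the export filename comes from the request URI, which the remote side controls, a saver has to reduce it to one safe path component before writing to disk. The helper name eo_safe_filename, the fallback name "object" and the sample URIs are assumptions made for this sketch; reserved Windows device names such as CON or NUL are not handled.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Wireshark code: turn an untrusted request URI
 * into a single filename component that Windows will also accept. */
static char *eo_safe_filename(const char *uri, char *out, size_t outlen)
{
    const char *end, *base, *p;
    size_t n = 0;

    if (out == NULL || outlen == 0)
        return out;
    /* Ignore the query string and fragment. */
    end = uri + strcspn(uri, "?#");
    /* Keep only the last path component; treat '\' as a separator too. */
    base = uri;
    for (p = uri; p < end; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;
    for (p = base; p < end && n + 1 < outlen; p++) {
        unsigned char c = (unsigned char)*p;
        /* Control bytes and the characters Windows rejects in names. */
        if (c < 0x20 || c == 0x7f || strchr("<>:\"/\\|?*", c) != NULL)
            c = '_';
        out[n++] = (char)c;
    }
    /* Trailing dots and spaces are not allowed on Windows; stripping them
     * also reduces "." and ".." to an empty name. */
    while (n > 0 && (out[n - 1] == '.' || out[n - 1] == ' '))
        n--;
    out[n] = '\0';
    if (n == 0)
        snprintf(out, outlen, "object");  /* constructed fallback name */
    return out;
}

int main(void)
{
    /* Constructed sample URIs, not taken from a real capture. */
    const char *uris[] = { "/music/track:01.mp3?id=3", "/a/b/", "/img/..",
                           "..\\..\\boot.ini", "/dl/report|final*.pdf#top" };
    char name[64];
    size_t i;

    for (i = 0; i < sizeof uris / sizeof uris[0]; i++)
        printf("%-28s -> %s\n", uris[i],
               eo_safe_filename(uris[i], name, sizeof name));
    return 0;
}
```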