wireshark-dev October 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: Re: [Wireshark-dev] I want to print the string tv

Re: [Wireshark-dev] I want to print the string tvb->real_data on the ubuntu terminal

From: Guy Harris <guy_at_nospam>
Date: Tue Oct 26 2010 - 06:13:27 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

On Oct 25, 2010, at 8:46 PM, 刘昆 wrote:

> In fact ,all I need to print is just the URL or IP address in the
> payload.I think the URL or IP address should be printable?

The URL should be printable.

The IP address, if you mean the IP address in the IP header, is *NOT* printable; in an IP datagram, it's encoded as 4 octets for an IPv4 address and 16 octets for an IPv6 address. If, instead, you mean the host name in the URL or in the Host: header, that is printable.

> So can I fetch the URL to print? And how?

What *exactly* is it that you're trying to do? You might be able to do what you want with TShark and the "-e" option - the URI in a request is the field named "http.request.uri". The IP source address is the field named "ip.src" or "ipv6.src", and the IP destination address is the field named "ip.dst" or "ipv6.dst". The host name in the "Host:" header is the field named "http.host" (*IF* the packet has a "Host:" header).
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe