wireshark-dev October 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: Re: [Wireshark-dev] I want to print the string tv

Re: [Wireshark-dev] I want to print the string tvb->real_data on the ubuntu terminal

From: Guy Harris <guy_at_nospam>
Date: Tue Oct 26 2010 - 17:25:25 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

On Oct 26, 2010, at 7:43 AM, 刘昆 wrote:

> In fact,I want to program to filter some certain URL or IP address in the packet but not the header just as when we use proxy to access a web ,the real URL is not in the header,but in the packet.
> And when I find the tvb->real_data maybe the payload,and I use gdb to print (command:"print tvb->real_data") ,then I get a string showed on the terminal
> "const guint8 *) 0x8b53042 "GET http://www.baidu.com/ HTTP/1.1\r\nHost:
> www.baidu.com\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
> rv: Gecko/20101013 Linux Mint/9 (Isadora)
> Firefox/3.6.11\r\nAccept: text/html,applic"...
> We can see the "www.baidu.com" displayed. And the string "www.baidu.com" is just I need,

We can see it twice - once in the URI, and once in the Host: header.

Where are you putting the code? If you're doing this with a tap, the tap listener gets passed a structure with two "char *" members, one of which, if not null, points to the URI for the request, and the other of which, if not null, points to the host from the Host: header.
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev