
List:       wireshark-users
Subject:    Re: [Wireshark-users] Digest, Vol 134, Issue 2
From:       Jeff Morriss <jeff.morriss.ws () gmail ! com>
Date:       2017-07-14 19:19:34
Message-ID: CAKkq+FZc7+CjmJNb=UWWASkO6gsTUYjgR49pLo8RFcEDR0qzXg () mail ! gmail ! com



On Fri, Jul 14, 2017 at 8:38 AM, David Schaeffer <david.schaeffer2@gmail.com> wrote:

>
>> On Wed, Jul 12, 2017 at 1:42 PM, David Schaeffer <david.schaeffer2@gmail.com> wrote:
>>
>> > Hi folks.
>> >
>> > I'm currently working on pulling specific data from a packet once they've
>> > clicked on some packet detail. For example, if the user clicks on a bit
>> > code in the packet body, I want to also pull the source IP address of that
>> > packet. Is there a way to search the packet body by field name or pulling
>> > the packet details into an object of some sort to parse this information?
>> > Thanks for any assistance you can offer in this matter.
>> >
>>
>> Can you give a bit more context?  I assume that this is the context of
>> writing a protocol dissector?  What are you planning to do with, for
>> example, the IP address?
>> ***********************************************
>>
> Sure. So the goal of this is to allow us to graph bit codes from a packet
> that has already been dissected by a custom packet dissector. We're making it
> so a user can right-click on the bit code they would like to graph, select
> graph, and it'll bring up the IOGraph with that data, 0 or 1. The problem
> is we have multiple PLCs sending the same bit codes so just grabbing a
> filter for solely the bit code doesn't work, as it pulls from every PLC. I
> need to grab the IP address with it to track the specific bit code from
> that specific PLC.
>
> Currently, I've been abusing the clipboard and copy functions built in to
> grab the filter for the field selected but as mentioned, it pulls every PLC
> status. I'd like to grab whatever the user clicked on AND the source IP
> address of said PLC while still keeping the code as generalized as possible
> to push back to main. If there was some way to say ipaddress =
> Foo.getFieldByName(sourceIP) or something along those lines, that would
> resolve my issue.
>
> I'm a junior dev, so it is quite possible I'm missing something obvious.
> This is a large code base and my first experience with one as such.
>

[Just a side note: development questions are probably better sent to the
-dev list.]

Sounds like `pinfo->src` would work for you--i.e., it sounds like you
probably have access to `pinfo` where you are so you can pull the IP
address from there.
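
Added example, not part of the original message and not Wireshark code: one way to turn the source address and the selected field's filter into a single display filter scoped to one PLC. `pinfo->src` holds whatever source address the last dissector set, so it can be an IPv6 or a MAC address; the helper rejects anything that is not IP. The `ex_address` types are stand-ins (assumptions) for Wireshark's `address` struct so the code compiles on its own, and `build_scoped_filter` and the field name `plc.bit_code` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Stand-ins (assumptions) for the parts of Wireshark's address struct used
 * here, so the example compiles without the Wireshark source tree. */
typedef enum { EX_AT_NONE, EX_AT_ETHER, EX_AT_IPv4, EX_AT_IPv6 } ex_address_type;
typedef struct { ex_address_type type; int len; const void *data; } ex_address;

/* Hypothetical helper: write "(ip.src == ADDR) && (FIELD_FILTER)" into buf.
 * Returns 0 on success, -1 if src is not an IP address or buf is too small. */
int build_scoped_filter(const ex_address *src, const char *field_filter,
                        char *buf, size_t buflen)
{
    char addr[INET6_ADDRSTRLEN];
    const char *key;
    int n;

    if (src->type == EX_AT_IPv4 && src->len == 4) {
        if (!inet_ntop(AF_INET, src->data, addr, sizeof addr)) return -1;
        key = "ip.src";
    } else if (src->type == EX_AT_IPv6 && src->len == 16) {
        if (!inet_ntop(AF_INET6, src->data, addr, sizeof addr)) return -1;
        key = "ipv6.src";
    } else {
        return -1; /* e.g. a frame with no IP layer: src is a MAC address */
    }
    /* Parenthesise both halves so an "||" inside field_filter stays scoped. */
    n = snprintf(buf, buflen, "(%s == %s) && (%s)", key, addr, field_filter);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

/* Constructed sample: a PLC at 192.0.2.10 and a hypothetical field filter. */
int main(void)
{
    static const unsigned char plc[4] = { 192, 0, 2, 10 };
    ex_address src = { EX_AT_IPv4, 4, plc };
    char filter[128];

    if (build_scoped_filter(&src, "plc.bit_code == 1", filter, sizeof filter) == 0)
        puts(filter);
    return 0;
}
```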
