Wireshark mailing list archives
Re: opening JPEG/JFIF files with Wireshark?
From: Németh Márton <nm127 () freemail hu>
Date: Sat, 17 Oct 2009 18:49:33 +0200
Hi, Guy Harris wrote:
On Oct 12, 2009, at 1:30 PM, Németh Márton wrote:as some wiki pages show ( http://wiki.wireshark.org/JPEG_JFIF and http://wiki.wireshark.org/TCP_Reassembly at Chapter Example) Wireshark understands the JPEG/JFIF file. Is there any way to open a raw JPEG/JFIF file similar to how the MP3 files can be opened? I guess something has to be done for this at the capture file formats. Where should I start?The wiretap subdirectory; that's where the capture file format stuff is done. You would need to add a WTAP_ENCAP_JPEG_JFIF value to the list of WTAP_ENCAP_ values in wtap.h, and add an entry to the encap_table_base[] table in wtap.c. As I remember, JPEG/JFIF files begin with a "magic number" signature, which is good - it means Wiretap can look for that signature to determine whether a file is a JPEG/JFIF file or not. You'd write a jpeg_jfif.c file with routines to support opening and reading those files; the open routine would look for the magic number and return 1 if the file is a JPEG/JFIF file, 0 if it's not, or -1 on an error. You'd put an entry for that routine in the open_routines_base[] table in file_access.c; it would be one of the files with "magic bytes in fixed locations". You'd then have the JPEG/JFIF dissector register itself in the "wtap_encap" table with the WTAP_ENCAP_JPEG_JFIF value. Note, however, that there's a limit of 64K on the size of a packet that can be returned by Wiretap, so you'd either have to cut the file data off at 64K, or supply each block as a separate "packet" and have a JPEG/JFIF "file" dissector reassemble those, with the "file" dissector registering with WTAP_ENCAP_JPEG_JFIF.
Thank you for the detailed description. With the help of your description and the description at wiretap/README.developer I could create a patch which can open JPEG/JFIF files directly from the disk: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4136 However, I have have some crashes with some JPEG files and I don't know from where it comes from. Regards, Márton Németh ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- opening JPEG/JFIF files with Wireshark? Németh Márton (Oct 12)
- Re: opening JPEG/JFIF files with Wireshark? Guy Harris (Oct 12)
- Re: opening JPEG/JFIF files with Wireshark? Németh Márton (Oct 17)
- Re: opening JPEG/JFIF files with Wireshark? Guy Harris (Oct 12)