Re: HTTP reassemble and clear text displaying question

[Stephen Fisher <steve () stephen-fisher com>]

On Wed, Apr 13, 2011 at 07:53:08PM +0200, Cui Heng wrote:

>       If I have HTTP trace of libpcap format, I found wireshark can 
> perfectly reassemble the HTTP response data and parse its content(e.g. 
> HTML) in clear text. Can some one suggest me which src file(s) or part 
> of functions achieve this parsing?

The HTTP dissector handles this - it's in epan/dissectors/packet-http.c.  
> From there you'll see it pass off to functions from other files such as 
req_resp_hdrs_do_reassembly() in epan/req_resp_hdrs.c.  See also 
doc/README.developer, section 2.7 "Reassembly/desegmentation for 
protocols running atop TCP" for more details on how Wireshark's 
reassembly works.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe