Wireshark mailing list archives
Re: Digest, Vol 134, Issue 2
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Fri, 14 Jul 2017 15:19:34 -0400
On Fri, Jul 14, 2017 at 8:38 AM, David Schaeffer <david.schaeffer2 () gmail com> wrote:

> On Wed, Jul 12, 2017 at 1:42 PM, David Schaeffer <david.schaeffer2 () gmail com> wrote:
>
> > Hi folks. I'm currently working on pulling specific data from a packet once
> > they've clicked on some packet detail. For example, if the user clicks on a
> > bit code in the packet body, I want to also pull the source IP address of
> > that packet. Is there a way to search the packet body by field name or
> > pulling the packet details into an object of some sort to parse this
> > information?
> >
> > Thanks for any assistance you can offer in this matter.
>
> Can you give a bit more context? I assume that this is the context of
> writing a protocol dissector? What are you planning to do with, for example,
> the IP address?
>
> ***********************************************
>
> Sure. So the goal of this is to allow us to graph bit codes from a packet
> that has already been dissected by a custom packet dissector. We're making it
> so a user can right-click on the bit code they would like to graph, select
> graph, and it'll bring up the IOGraph with that data, 0 or 1. The problem is
> we have multiple PLCs sending the same bit codes so just grabbing a filter
> for solely the bit code doesn't work, as it pulls from every PLC. I need to
> grab the IP address with it to track the specific bit code from that
> specific PLC.
>
> Currently, I've been abusing the clipboard and copy functions built in to
> grab the filter for the field selected but as mentioned, it pulls every PLC
> status. I'd like to grab whatever the user clicked on AND the source IP
> address of said PLC while still keeping the code as generalized as possible
> to push back to main. If there was some way to say
> ipaddress = Foo.getFieldByName(sourceIP) or something along those lines,
> that would resolve my issue.
>
> I'm a junior dev, so it is quite possible I'm missing something obvious.
> This is a large code base and my first experience with one as such.

[Just a side note: development questions are probably better sent to the -dev list.]

Sounds like `pinfo->src` would work for you--i.e., it sounds like you probably have access to `pinfo` where you are so you can pull the IP address from there.

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
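
Added example, not part of the thread and not Wireshark code: one way to turn the source address suggested in the reply above into a per-PLC display filter by combining it with the filter of the clicked field. `struct src_addr` is a hypothetical stand-in for the address held in `pinfo->src`, and `plc.status_bit` is a constructed field name; `ip.src` and `ipv6.src` are Wireshark's own filter fields.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the address in pinfo->src (not Wireshark's type). */
enum src_type { SRC_IPV4, SRC_IPV6 };
struct src_addr {
    enum src_type type;
    unsigned char data[16];   /* network byte order; first 4 bytes for IPv4 */
};

/*
 * Combine the clicked field's filter with the packet's source address so the
 * result matches one PLC only. Returns 0 on success, -1 on bad input or when
 * the result does not fit in out (out is then left empty, never truncated,
 * because a cut-off filter could silently match other devices).
 */
int build_plc_filter(const struct src_addr *src, const char *field_filter,
                     char *out, size_t out_len)
{
    char ip[INET6_ADDRSTRLEN];
    const char *src_field;
    int af, n;

    if (!src || !field_filter || !*field_filter || !out || out_len == 0)
        return -1;

    if (src->type == SRC_IPV4)      { af = AF_INET;  src_field = "ip.src"; }
    else if (src->type == SRC_IPV6) { af = AF_INET6; src_field = "ipv6.src"; }
    else return -1;

    if (!inet_ntop(af, src->data, ip, sizeof ip))
        return -1;

    /* Parenthesise the field filter so its own operators cannot rebind. */
    n = snprintf(out, out_len, "%s == %s && (%s)", src_field, ip, field_filter);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: one PLC address and the filter of the clicked bit. */
    struct src_addr plc = { SRC_IPV4, { 192, 168, 10, 21 } };
    char filter[128];
    if (build_plc_filter(&plc, "plc.status_bit == 1", filter, sizeof filter) == 0)
        puts(filter);
    return 0;
}
```
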