It is a dissector. The data field of the pinfo->src address structure ( (pinfo->src).data ) contains gibberish - no IP address. What could be the cause of this?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris Sent: Thursday, January 03, 2008 10:45 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] How to get Destination IP in plugin Diaconou, Alex wrote: > I am developing a plugin for test purposes on our system, and I need to > extract the destination IP address of the packets so I know how to parse > the data on top of a TCP packet. So is this a plugin dissector or a plugin tap? If it's a dissector, then: > Is there an API or other method of > obtaining the IP address for comparison? yes - your dissector will be passed a packet_info pointer, which we'll call "pinfo", and: pinfo->src is an "address" structure with the packet's source address; pinfo->src is an "address" structure with the packet's destination address. NOTE: it could be an IPv4 or IPv6 address. An "address" structure has a member named "type" which could be AT_IPv4 or AT_IPv6 for the source or destination address of an IP packet. > I should note that I'm > developing in a windows environment in case that makes any difference. It doesn't - the APIs for getting and processing packet data are platform-independent. _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
