Dear Abhik,

Thank you very much for your help.

But do you think an IMF packet always exists in all SMTP conversations? Because I need to extract these parameters from all SMTP email communications.

Thank you in advance.

With best regards,

On Wed, Jun 11, 2008 at 11:19 PM, Abhik Sarkar <[EMAIL PROTECTED]> wrote:
> Hi Goitom,
>
> I am not sure if you still have two requirements as you had earlier
> (one for extraction of the from, to, subject and date fields and one
> for display of these in a separate dialog), but as I have suggested
> before, I think you are better off using the IMF dissector instead of
> the SMTP dissector. The IMF dissector supports extraction of all these
> fields already.
>
> So, if you want to set up the tap, I think you are better off tapping
> IMF. I think the best place would be in the "while(!last_field)" loop
> in the dissect_imf function of epan/packet-imf.c. Just compare the
> value of "key" against "from", "to", "subject" and "date" (after the
> part the key has been converted to lower case) and you are on your
> way!
>
> If you want to display the records in a dialog, you will probably want
> to base the dialog off the expert infos dialog (Analyze > Expert
> Info). You can have columns for Frame number, From, To, Subject and
> Date. Or, as I have suggested before, you can use the custom columns
> feature (see the attached screenshot with a sample file from the WS
> wiki).
>
> Unless you have some very specific requirements, I think the above
> should work for you. I honestly hope this is of some help.
>
> Good luck!
> Abhik
> PS: While researching this, I came across a bug
> (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2595) in the SMTP
> dissector, so be sure to have your coloring rules turned on.
>
> On Tue, Jun 10, 2008 at 9:54 PM, goitom kahsay <[EMAIL PROTECTED]> wrote:
> > Dear Steve,
> >
> > Thank you very much for your help.
> > Yes, I created gtk/export_object_smtp.c, gtk/export_object2.c,
> > export_object2.h and packet-smtp.h similar to gtk/export_object_http.c,
> > gtk/export_object.c, export_object.h and packet-http.h, and it displays
> > some unreadable characters.
> >
> > But I have doubts about retrieving the parameters from the
> > packet-smtp.c (dissect_smtp_data) function, which is used to display the
> > data line by line in the protocol tree. Do you think it is possible to
> > retrieve these values from that function using the tap mechanism?
> >
> > Thank you in advance.
> > With best regards,
> >
> > On Mon, Jun 9, 2008 at 9:10 PM, Stephen Fisher <[EMAIL PROTECTED]> wrote:
> >>
> >> On Fri, Jun 06, 2008 at 09:03:43PM +0300, goitom kahsay wrote:
> >>
> >> > I retrieved the parameters from the packet-smtp.c / dissect_smtp_data
> >> > function, which is used to display the data line by line in the protocol
> >> > tree. I used a tap mechanism as follows.
> >>
> >> > But the content of the parameter does not display in the GUI. Please
> >> > can you help me with any idea how to solve this problem.
> >>
> >> Did you also create a gtk/export_object_smtp.c similar to
> >> gtk/export_object_http.c and also add the new functions in
> >> export_object_smtp.c to the File - Export - Objects menu as "SMTP" ?
> >>
> >>
> >> Steve
> >
> > --
> > Benice2all

--
Benice2all
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev
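
The key comparison suggested in the quoted reply, as a stand-alone added example (not code from Wireshark's epan/packet-imf.c or from anyone in this thread): it walks a constructed header block, joins folded lines, lower-cases each field name and keeps the first from, to, subject and date, stopping at the empty line so body text is never read as a header. `struct mail_info`, `extract_mail_info` and the sample message are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical record for a tap listener; not a Wireshark type. */
struct mail_info { char from[128], to[128], subject[128], date[128]; };
/* Constructed sample: header block, empty line, then body text. */
static const char SAMPLE[] =
    "Received: from a.example by b.example\r\n"
    "FROM: alice@example.org\r\nTo: bob@example.org\r\n"
    "Subject: quarterly\r\n\treport\r\n"
    "Date: Wed, 11 Jun 2008 23:19:00 +0300\r\n"
    "\r\nFrom: body-text@example.org\r\n";

/* Copy a value: skip leading blanks, drop the CRLF of folded lines. */
static void copy_value(char *dst, size_t cap, const char *v, const char *end) {
    size_t n = 0;
    while (v < end && (*v == ' ' || *v == '\t')) v++;
    for (; v < end && n + 1 < cap; v++)
        if (*v != '\r' && *v != '\n') dst[n++] = (*v == '\t') ? ' ' : *v;
    dst[n] = '\0';
}

/* Walk fields up to the empty line; return how many of the four are non-empty. */
int extract_mail_info(const char *hdr, struct mail_info *out) {
    memset(out, 0, sizeof *out);
    while (*hdr && *hdr != '\r' && *hdr != '\n') {
        const char *end = hdr;   /* a field ends at a line break that is */
        do {                     /* not followed by SP or HTAB (a fold)  */
            end += strcspn(end, "\n");
            if (*end) end++;
        } while (*end == ' ' || *end == '\t');
        const char *colon = memchr(hdr, ':', (size_t)(end - hdr));
        if (colon && colon - hdr < 32) {
            char key[32]; size_t i, klen = (size_t)(colon - hdr);
            for (i = 0; i < klen; i++) key[i] = (char)tolower((unsigned char)hdr[i]);
            key[klen] = '\0';    /* compare the lower-cased field name */
            char *dst = !strcmp(key, "from") ? out->from : !strcmp(key, "to") ? out->to :
                !strcmp(key, "subject") ? out->subject : !strcmp(key, "date") ? out->date : NULL;
            if (dst && !*dst) copy_value(dst, sizeof out->from, colon + 1, end);
        }
        hdr = end;
    }
    return !!*out->from + !!*out->to + !!*out->subject + !!*out->date;
}

int main(void) {
    struct mail_info m;
    printf("%d fields, subject=\"%s\"\n", extract_mail_info(SAMPLE, &m), m.subject);
    return 0;
}
```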