Re: About "New Export Objects" --GSoC 2013
From: Guy Harris <guy () alum mit edu>
Date: Sat, 27 Apr 2013 23:27:55 -0700
On Apr 27, 2013, at 11:12 PM, "jin.huang" <54jin.huang () gmail com> wrote:
The Wireshark export objects function can export png/jpeg/text... files from the HTTP packet stream. But how does
Wireshark know the exact file format from the frame data?
Part of the data in that frame or a previous frame is an HTTP response or request, which probably contains a
Content-Type header. The Content-Type header includes the media type of the body of the response or request, which
indicates the data type of the object. Wireshark might, however, only use that to determine whether the format should
be thought of as text or binary data.
Wireshark, as far as I know, just dumps out the raw bytes transferred by read and write requests.
I don't know whether the DICOM protocol specifies the types of the objects being transferred. If not,
Wireshark may just dump out the raw bytes.
Ultimately, however, what matters is only whether the data is text or not. If it's text, then Wireshark should
probably be converting the line endings to the line endings appropriate for the OS on which it's running (CR-LF for
Windows, LF for all flavors of UN*X). If it's binary, it should just dump out the raw bytes of the file. That might
be all that Wireshark does, if it even handles text specially. Files on both UN*X and Windows are just seekable byte
streams, without a file format indicator, so Wireshark doesn't need to know the file format - all it could do with the
file format is choose a default file extension.
For FTP, you could determine whether the file is text or binary only by seeing enough of the FTP session to see a TYPE
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
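An added example, not part of the original message and not Wireshark's code: a Python illustration of the logic the reply describes, reading the Content-Type header of a reassembled HTTP message, treating only text as eligible for line-ending conversion, and using the media type for nothing more than a default file extension. The function names, the extension table and the sample messages are constructed for illustration, and the body is assumed to be already de-chunked and decompressed.

```python
import os

# Constructed sample messages (already reassembled, de-chunked, decompressed).
TEXT_MSG = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\n"
            b"Content-Length: 14\r\n\r\nline1\r\nline2\r\n")
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # PNG signature contains CR-LF and LF
PNG_MSG = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + PNG_BODY
NO_TYPE_MSG = b"HTTP/1.1 200 OK\r\nServer: example\r\n\r\n\x01\r\n\x02"

# Hypothetical media type -> default file extension table (illustrative only).
DEFAULT_EXT = {"image/png": ".png", "image/jpeg": ".jpg",
               "text/plain": ".txt", "text/html": ".html"}


def split_message(raw):
    """Return (headers dict with lower-cased names, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block is incomplete")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status/request line
        name, colon, value = line.partition(b":")
        if colon:
            key = name.strip().lower().decode("latin-1")
            headers[key] = value.strip().decode("latin-1")
    return headers, body


def media_type(headers):
    """Media type without parameters; unknown when the header is absent."""
    value = headers.get("content-type", "")
    return value.split(";", 1)[0].strip().lower() or "application/octet-stream"


def export_object(raw, linesep=os.linesep):
    """Return (default extension, bytes to write) for one HTTP message."""
    headers, body = split_message(raw)
    mtype = media_type(headers)
    if mtype.startswith("text/"):
        # Text: normalise to LF first, then to the target OS convention.
        body = body.replace(b"\r\n", b"\n").replace(b"\n", linesep.encode("ascii"))
    # Binary or unknown: the bytes are left exactly as transferred.
    return DEFAULT_EXT.get(mtype, ".bin"), body


if __name__ == "__main__":
    for msg in (TEXT_MSG, PNG_MSG, NO_TYPE_MSG):
        print(export_object(msg))
```

The PNG case shows why binary bodies must be written untouched: the PNG signature deliberately contains CR-LF and LF bytes, so any line-ending conversion corrupts the exported file.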