Wireshark mailing list archives

Re: How to extract a string


From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Fri, 04 Dec 2009 08:15:25 +0100

Hi,

Anders is right, neither highlighted 0x06 nor 0x05 gives you the string length.
Leaves you with FT_STRINGZ to display the string in the protocol tree.

Thanks,
Jaap

Anders Broman wrote:
Hi,

From the picture below it looks like you are reading the length from offset 0x43. The bytes would then be, starting with the highlighted 0x06 which is highlighted by proto_add_item with length 1:

06 05 44 72 61 6d 61 65 6e 67 00

Loc_name length would then be 0x0605, as you are reading two octets with tvb_get_ntohs().

Then you are adding the "string" 0x05 44 .., as offset is just moved one byte, with a length of 0x0605 with proto_add_item, probably causing a "malformed packets" as you are trying to read outside of the tvb.

Best regards

Anders

------------------------------------------------------------------------

*From:* wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] *On behalf of* Rach, Darshan
*Sent:* 4 December 2009 04:58
*To:* wireshark-dev () wireshark org
*Subject:* [Wireshark-dev] How to extract a string

Hi,

How to extract a string from packet (of Hex values)?
I know the string length.

I tried doing the following. But I am still not able to find it.

guint16 loc_name_length = 0;

/*Location Name Length*/
proto_tree_add_item(oqtp_tree, hf_loc_name_length, tvb, packet_field_offset, 1, FALSE);
loc_name_length = tvb_get_ntohs(tvb, packet_field_offset);
packet_field_offset += 1;

/*Location Name*/
proto_tree_add_item(oqtp_tree, hf_loc_name, tvb, packet_field_offset, loc_name_length, FALSE);
packet_field_offset = packet_field_offset + loc_name_length + 1;

Any help on this would be appreciated.

Regards,

Darshan
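
The over-read Anders describes and the NUL-terminated reading that FT_STRINGZ implies, as a stand-alone C model added to this archive page (not code from the thread or from Wireshark). It works on a plain byte buffer instead of the tvb API, the helper names are hypothetical, and it assumes the text starts at the 0x44 byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the 11 bytes quoted in the thread, from the 0x06 on. */
static const uint8_t sample[] = {
    0x06, 0x05, 0x44, 0x72, 0x61, 0x6d, 0x61, 0x65, 0x6e, 0x67, 0x00
};

/* Two octets in network order, as tvb_get_ntohs() reads them; -1 if short. */
static long read_be16(const uint8_t *buf, size_t len, size_t off)
{
    if (off > len || len - off < 2)
        return -1;
    return ((long)buf[off] << 8) | buf[off + 1];
}

/* 1 if [off, off + n) lies inside the buffer, written to avoid overflow. */
static int range_ok(size_t len, size_t off, size_t n)
{
    return off <= len && n <= len - off;
}

/* Bytes occupied by the NUL-terminated string at off, terminator included;
 * -1 if no NUL is found before the end of the buffer. */
static long stringz_size(const uint8_t *buf, size_t len, size_t off)
{
    const uint8_t *nul;
    if (off >= len)
        return -1;
    nul = memchr(buf + off, 0, len - off);
    return nul ? (long)(nul - (buf + off)) + 1 : -1;
}

int main(void)
{
    size_t len = sizeof sample;
    long bad = read_be16(sample, len, 0);          /* 1-byte field read as 2 */
    printf("length as read: 0x%04lx, fits after offset 1: %d\n",
           (unsigned long)bad, range_ok(len, 1, (size_t)bad));
    /* Assumption: the text starts at the 0x44 byte, offset 2 of the sample. */
    long n = stringz_size(sample, len, 2);
    if (n > 0)
        printf("stringz: %ld bytes, \"%s\"\n", n, (const char *)sample + 2);
    return 0;
}
```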

 
