Hi, In one of my protocols I receive an integer which represents an ip address. Like this : 180619876... (which means) = AC40A64 = 10.196.10.1 So I would like to have this integer display the ip address. That is, from 180619876 to 10.196.10.1 Is this possible, is there some easy way? Thank you in advance, BR asked 17 Jan '13, 07:38  harkap |
2 Answers:
if it's a custom protocol, you need a dissector anyway. Within that code you can do whatever your want, including any number format conversion. Some information how to develop a dissector.
Regards answered 17 Jan '13, 11:03  Kurt Knochner ♦ edited 17 Jan '13, 11:04 |
Is that an integer represented as 4 consecutive bytes (i.e., a binary integer), or is it an integer represented as some number of ASCII characters giving a decimal value? If it's just a binary integer, you could treat it in your dissector as being an IPv4 address type rather than an integer type, the same way a lot of other dissectors (such as, well, the IPv4 dissector) do. answered 17 Jan '13, 12:49  Guy Harris ♦♦ |
Hi,
Guy Harris : I think its a binary integer. What I do is that I paste the value in cals, and click hex. The result is AC40A64. Then I just manually look bytewise to get my ip address ( A means 10 , C4 means 196 etc. ).
Right now the code is
myprotocol.ip = ProtoField.uint8 ("myproto.ip", "ip")
and later down :
subtree:add (myprotocol.ip, buffer(offset, 4))
Kurt : I already have a dissector dissecting my protocol. The question is now how I can make it display ip address format of this field.
Thank you for your help
BR
Spelling error : cals, I mean calc. the windows calculator.
A uint8 field is one byte long; that's not long enough for an IPv4 address.
Even if it were long enough, by virtue of being a uint32 field, that still wouldn't be treated by Wireshark as an IPv4 address.
You want to create a field of type ipv4, i.e.
That field will be displayed as an IPv4 address.