This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

dissecting wireshark xml

0

Hello I need to dissect xml through wireshark if any approaches how to dissect the contents in xml through wireshark can any body help me please with sample of code and references ...

asked 17 Jul '14, 02:51

sagar's gravatar image

sagar
11445
accept rate: 0%

Do I understand you correctly that you want to dissect XML data using Wireshark? I think shoehorning an XML parser into the Wireshark dissection engine would be a much bigger effort and development headache than it's worth in that case. Why is an actual XML parser not suitable for your application? On the other hand, if you intend to analyze XML data within another protocol, that might be different. Can you clarify your intent?

(17 Jul '14, 11:24) multipleinte...

One Answer:

0

If the xml is transfered via a protocol using mime type such as HTTP in "Application=" you may only have to add the mime type to the list in packet-xml.c. If you have a tvb with xml data you can let the xml dissector dissectit by callng it with the tvb. packet-diameter_3gpp.c calls the xml dissector I think.

answered 17 Jul '14, 11:23

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

Hello this my sample xml,

-<message_library build_id="1.0" generated_datetime="2010-11-10T17:58IST" source_view="gstarhsc_rajat">

-<pos_notify_ind id="100" type="bitStruct">

<critical_escape type="bit" bitlen="1">0</critical_escape>

<msg_type type="bit" bitlen="2">1</msg_type>

<identifier type="bit" bitlen="1">1</identifier>

<random_ref type="bit" bitlen="20">0</random_ref>

<pos_accepted type="bit" bitlen="2">0</pos_accepted>

<plmn_present_flag type="bit" bitlen="1">1</plmn_present_flag>

-<plmn_info type="struct" type_name="plmn_info_s">

<mcc1 type="bit" bitlen="4">8</mcc1>

<mcc2 type="bit" bitlen="4">7</mcc2>

<mcc3 type="bit" bitlen="4">6</mcc3>

<mnc1 type="bit" bitlen="4">5</mnc1>

<mnc2 type="bit" bitlen="4">4</mnc2>

<mnc3_flag type="bit" bitlen="1">0</mnc3_flag>

</plmn_info>

<common_nas_info_present type="bit" bitlen="1">1</common_nas_info_present>

-<common_nas_info type="struct" type_name="common_nas_info_s">

<nas_sys_info_count type="bit" bitlen="3">0</nas_sys_info_count>

<nas_sys_info type="bit" bitlen="8">0</nas_sys_info>

</common_nas_info>

<domain_nas_info_present type="bit" bitlen="1">1</domain_nas_info_present>

-<domain_nas_info type="struct" type_name="domain_nas_info_s">

<nas_sys_info_count type="bit" bitlen="3">0</nas_sys_info_count>

<nas_sys_info type="bit" bitlen="8">0</nas_sys_info>

</domain_nas_info>

<ura_id type="bit" bitlen="16">0</ura_id>

<pos_updt_ind_present type="bit" bitlen="1">0</pos_updt_ind_present>

<rrc_conn_state type="bit" bitlen="2">0</rrc_conn_state>

</pos_notify_ind>

</message_library>

I want to dissect the fields in this xml can any body help me..

(17 Jul '14, 22:58) sagar

Get an XML viewer application and read the file. Wireshark's XML dissector won't do much more than show you the individual XML elements, as you've already done.

(17 Jul '14, 23:36) Guy Harris ♦♦

Not sure to understand what you expect here. Your XML description already contains the field name, the length and the raw value. You can hardly get more. If you want an interpretation of the raw fields, Wireshark cannot help you. Those fields look like some RRC 3G info but you would need the raw data (byte stream) and the corresponding protocol dissector in Wireshark, not a pre-decoded XML data.

(17 Jul '14, 23:38) Pascal Quantin

my current requirement I need to write a code for dissecting the xml data if any approach briefly explain me and provide any screen shots or any links for how to write a code for dissecting the xml..

(18 Jul '14, 02:45) sagar

I'm really sorry but I have no idea of what you mean: what does dissecting xml means for you? If it is just to display the xml data in a tree view, use an XML viewer as Guy suggested.

(18 Jul '14, 05:51) Pascal Quantin