This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCP\HTTP reassemble

0

Hi,

I would like to write code in C++ that reassembles HTTP request/response packets and saves them in some container.

So I downloaded the Wireshark source code and found the packet-http.c and packet-http.h code.

I tried to look for the actual parts that use this code to reassemble the TCP packets and get the HTTP request\response, but with no success.

It will be very helpful if someone could direct me to this HTTP request\response dissector, or to some code example for that matter.

What is the set of commands to "filter" HTTP, and where is the "pointer"\data structure that holds that request\response?

Thanks!

asked 15 Jul '17, 05:31

dr seuss

edited 15 Jul '17, 06:07


One Answer:

0

TCP reassembly is carried out via several routines in packet-tcp.c and epan/reassemble.c. Note that the code is C, not C++ and is very complicated and unlikely to be easily extractable.

The code is licensed under GPL2, so please observe the license conditions.

answered 15 Jul '17, 07:40

grahamb ♦

Hi, thank you for your answer. My goal is to extract the HTTP fields; I don't want to reassemble the TCP packets on my own. I guess the HTTP dissector already does, which is great. I just want to integrate this and pull out the HTTP header fields to my container. And C is also OK.

(15 Jul '17, 08:39) dr seuss

Unfortunately (for you) the Wireshark code is not structured that way, it works as a whole ensemble.

Maybe you could spawn tshark and apply filters and field selectors (-T fields & -e fieldname ...) to achieve your needs.

(15 Jul '17, 09:51) grahamb ♦
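
The approach suggested in the last comment (spawn tshark with `-T fields` and `-e`), sketched in C++ as an added example that is not part of the original thread or of Wireshark's code. The helper names (`shell_quote`, `build_command`, `parse_line`, `run_tshark`) and the default capture file name are assumptions, and it assumes a POSIX system with tshark on PATH; the capture path is shell-quoted because `popen` hands the command to `/bin/sh`.

```cpp
#include <cstdio>
#include <cstdlib>
#include <map>
#include <sstream>
#include <string>
#include <vector>
using Record = std::map<std::string, std::string>;
// Columns requested from tshark, in output order (real Wireshark field names).
static const std::vector<std::string> kFields = {"tcp.stream", "http.request.method",
    "http.host", "http.request.uri", "http.response.code"};
// Single-quote a path for /bin/sh so a capture file name cannot inject shell syntax.
std::string shell_quote(const std::string& s) {
    std::string out = "'";
    for (char c : s) out += (c == '\'') ? std::string("'\\''") : std::string(1, c);
    return out + "'";
}
// tshark does the TCP reassembly and HTTP dissection; we only select fields.
std::string build_command(const std::string& pcap) {
    std::string cmd = "tshark -r " + shell_quote(pcap) + " -Y http -T fields -E separator=/t";
    for (const auto& f : kFields) cmd += " -e " + f;
    return cmd;
}
// Split one tab-separated output line; fields absent from a packet stay empty.
Record parse_line(std::string line) {
    while (!line.empty() && (line.back() == '\n' || line.back() == '\r')) line.pop_back();
    Record rec;
    std::istringstream in(line);
    std::string cell;
    for (const auto& f : kFields) rec[f] = std::getline(in, cell, '\t') ? cell : std::string();
    return rec;
}
// Spawn tshark (assumed on PATH; POSIX popen/getline) and collect one record per line.
std::vector<Record> run_tshark(const std::string& pcap) {
    std::vector<Record> records;
    FILE* p = popen(build_command(pcap).c_str(), "r");
    if (!p) return records;
    char* buf = nullptr; size_t cap = 0;
    while (::getline(&buf, &cap, p) > 0) records.push_back(parse_line(buf));
    free(buf);
    pclose(p);
    return records;
}
int main(int argc, char** argv) {
    for (const Record& r : run_tshark(argc > 1 ? argv[1] : "capture.pcap"))
        std::printf("%s %s%s -> %s\n", r.at("http.request.method").c_str(),
            r.at("http.host").c_str(), r.at("http.request.uri").c_str(), r.at("http.response.code").c_str());
}
```

Requests and responses arrive as separate records; `tcp.stream` is the column to group them by connection.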