On Wed, Apr 13, 2011 at 07:53:08PM +0200, Cui Heng wrote: > If I have HTTP trace of libpcap format, I found wireshark can > perfectly reassemble the HTTP response data and parse its content(e.g. > HTML) in clear text. Can some one suggest me which src file(s) or part > of functions achieve this parsing?
The HTTP dissector handles this - it's in epan/dissectors/packet-http.c. >From there you'll see it pass off to functions from other files such as req_resp_hdrs_do_reassembly() in epan/req_resp_hdrs.c. See also doc/README.developer, section 2.7 "Reassembly/desegmentation for protocols running atop TCP" for more details on how Wireshark's reassembly works. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
