In TCP Follow window, allow the optional showing of:
Entire Conversation Client -> Server packets Server -> Client packets Have "Save As" button work as a "Print to File" button; it asks for a filename and uses the same routine that "Print" uses to save the file. What you see in the window is what you get in the file. So, you can get any of the above conversations/soliloquies combined with: ASCII EBCDIC Hex Dump svn path=/trunk/; revision=2232
This commit is contained in:
parent
c83d80de36
commit
3f8d753943
28
follow.c
28
follow.c
|
@ -1,6 +1,6 @@
|
|||
/* follow.c
|
||||
*
|
||||
* $Id: follow.c,v 1.23 2000/08/03 12:44:20 gram Exp $
|
||||
* $Id: follow.c,v 1.24 2000/08/09 05:18:37 gram Exp $
|
||||
*
|
||||
* Copyright 1998 Mike Hall <mlh@io.com>
|
||||
*
|
||||
|
@ -50,9 +50,22 @@ gboolean incomplete_tcp_stream = FALSE;
|
|||
|
||||
static guint32 ip_address[2];
|
||||
static u_int tcp_port[2];
|
||||
static u_int bytes_written[2];
|
||||
|
||||
static int check_fragments( int, tcp_stream_chunk * );
|
||||
static void write_packet_data( tcp_stream_chunk *, const char * );
|
||||
static void write_packet_data( int, tcp_stream_chunk *, const char * );
|
||||
|
||||
void
|
||||
follow_tcp_stats(follow_tcp_stats_t* stats)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 2 ; i++) {
|
||||
stats->ip_address[i] = ip_address[i];
|
||||
stats->tcp_port[i] = tcp_port[i];
|
||||
stats->bytes_written[i] = bytes_written[i];
|
||||
}
|
||||
}
|
||||
|
||||
/* this will build libpcap filter text that will only
|
||||
pass the packets related to the stream. There is a
|
||||
|
@ -162,7 +175,7 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
|
|||
seq[src_index]++;
|
||||
}
|
||||
/* write out the packet data */
|
||||
write_packet_data( &sc, data );
|
||||
write_packet_data( src_index, &sc, data );
|
||||
return;
|
||||
}
|
||||
/* if we are here, we have already seen this src, let's
|
||||
|
@ -199,7 +212,7 @@ reassemble_tcp( u_long sequence, u_long length, const char* data,
|
|||
seq[src_index] += length;
|
||||
if( synflag ) seq[src_index]++;
|
||||
if( data ) {
|
||||
write_packet_data( &sc, data );
|
||||
write_packet_data( src_index, &sc, data );
|
||||
}
|
||||
/* done with the packet, see if it caused a fragment to fit */
|
||||
while( check_fragments( src_index, &sc ) )
|
||||
|
@ -236,7 +249,7 @@ check_fragments( int index, tcp_stream_chunk *sc ) {
|
|||
/* this fragment fits the stream */
|
||||
if( current->data ) {
|
||||
sc->dlen = current->data_len;
|
||||
write_packet_data( sc, current->data );
|
||||
write_packet_data( index, sc, current->data );
|
||||
}
|
||||
seq[index] += current->len;
|
||||
if( prev ) {
|
||||
|
@ -266,6 +279,7 @@ reset_tcp_reassembly() {
|
|||
src_port[i] = 0;
|
||||
ip_address[i] = 0;
|
||||
tcp_port[i] = 0;
|
||||
bytes_written[i] = 0;
|
||||
current = frags[i];
|
||||
while( current ) {
|
||||
next = current->next;
|
||||
|
@ -278,7 +292,9 @@ reset_tcp_reassembly() {
|
|||
}
|
||||
|
||||
static void
|
||||
write_packet_data( tcp_stream_chunk *sc, const char *data ) {
|
||||
write_packet_data( int index, tcp_stream_chunk *sc, const char *data )
|
||||
{
|
||||
fwrite( sc, 1, sizeof(tcp_stream_chunk), data_out_file );
|
||||
fwrite( data, 1, sc->dlen, data_out_file );
|
||||
bytes_written[index] += sc->dlen;
|
||||
}
|
||||
|
|
10
follow.h
10
follow.h
|
@ -1,6 +1,6 @@
|
|||
/* follow.h
|
||||
*
|
||||
* $Id: follow.h,v 1.8 2000/03/12 04:26:35 guy Exp $
|
||||
* $Id: follow.h,v 1.9 2000/08/09 05:18:38 gram Exp $
|
||||
*
|
||||
* Copyright 1998 Mike Hall <mlh@io.com>
|
||||
*
|
||||
|
@ -51,4 +51,12 @@ void reassemble_tcp( u_long, u_long, const char*, u_long, int,
|
|||
address *, address *, u_int, u_int );
|
||||
void reset_tcp_reassembly( void );
|
||||
|
||||
typedef struct {
|
||||
guint32 ip_address[2];
|
||||
guint32 tcp_port[2];
|
||||
unsigned int bytes_written[2];
|
||||
} follow_tcp_stats_t;
|
||||
|
||||
void follow_tcp_stats(follow_tcp_stats_t* stats);
|
||||
|
||||
#endif
|
||||
|
|
916
gtk/follow_dlg.c
916
gtk/follow_dlg.c
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue