Wireshark-dev: Re: [Wireshark-dev] How does wireshark extract the name of file from filehandle?
Thanks Jaap.
As far as I could understand, there is no other stuff that Wireshark does to map the name, apart from knowing the fh-to-fname relation. So if I look at the set of NFS packets which do not mention the filename, Wireshark may not be able to display the name.
--
Thanks,
Nilesh
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Monday, September 13, 2010 8:49 PM
> To: Developer support list for Wireshark
> Cc: Tayade, Nilesh
> Subject: Re: [Wireshark-dev] How does wireshark extract the name of file from filehandle?
>
> Hi,
>
> The dissector must see the packet(s) which establish the relationship
> between name and handle before it can add this information to the
> packets which contain the handle only. It's that recreation of endpoint
> state which allows Wireshark to do that, and the cause of much memory
> grief.
>
> Thanks,
> Jaap
>
>
> On Mon, 13 Sep 2010 03:35:38 -0400, "Tayade, Nilesh"
> <Nilesh.Tayade@xxxxxxxxxxxx> wrote:
> > Hi,
> >
> > I seek some help on getting the filename/directory name from filehandle.
> > I am working on parsing the NFS protocol packet. I can see in some of
> > the packet captures in wireshark - the filename is displayed in the
> > packet analysis window. But in actual byte stream the filename is NOT
> > present (it just shows the file handle). Could someone please help
> > understand how it extracts the name from filehandle?
> > Attached is the screenshot of packet, highlighting the temp_dir name.
> >
> > Byte stream:
> >
> >
> > P.S. Please include my email ID in the reply, as I am not subscribed to
> > the list.
> >
> > --
> > Thanks,
> > Nilesh
> > x46222
> > Yahoo IM: nilesh_tayade85
>
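
The state tracking discussed in this thread, as an added example that is not Wireshark's dissector code and not written by either poster: a LOOKUP call carries the name, its reply carries the new handle, and the RPC XID ties the two together so later handle-only packets can be labelled. It assumes packets are already decoded into dicts; the field names, XIDs and handle value are constructed for illustration.

```python
# Added illustration, not Wireshark code. Packets are assumed to be already
# decoded into dicts; field names, XIDs and the handle value are constructed.

class FhNameTracker:
    def __init__(self):
        self.pending = {}  # RPC XID -> name seen in a LOOKUP call
        self.names = {}    # file handle -> name, kept for the whole capture

    def feed(self, pkt):
        """Return the name to show for this packet, or None if unknown."""
        if pkt["proc"] == "LOOKUP" and pkt["type"] == "call":
            # The call is the only place the name appears on the wire.
            self.pending[pkt["xid"]] = pkt["name"]
            return pkt["name"]
        if pkt["proc"] == "LOOKUP" and pkt["type"] == "reply":
            # The reply holds only the handle; match it to the call by XID.
            name = self.pending.pop(pkt["xid"], None)
            if name is not None and pkt["status"] == 0:
                self.names[pkt["fh"]] = name
                return name
            return None
        # Any other procedure: only the handle is present, so the name is
        # known solely if an earlier LOOKUP exchange was captured.
        return self.names.get(pkt.get("fh"))


def annotate(capture):
    """Run a fresh tracker over a capture; one display name per packet."""
    tracker = FhNameTracker()
    return [tracker.feed(p) for p in capture]


FH = b"\x00\x11\x22\x33\x44\x55\x66\x77"  # constructed file handle
FULL_CAPTURE = [
    {"proc": "LOOKUP", "type": "call", "xid": 0x1001, "name": "temp_dir"},
    {"proc": "LOOKUP", "type": "reply", "xid": 0x1001, "status": 0, "fh": FH},
    {"proc": "GETATTR", "type": "call", "xid": 0x1002, "fh": FH},
]

if __name__ == "__main__":
    print(annotate(FULL_CAPTURE))      # capture includes the LOOKUP exchange
    print(annotate(FULL_CAPTURE[2:]))  # capture started after the LOOKUP
```

The `names` table is never pruned, which is the per-capture state growth Jaap's reply refers to.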