> Can someone verify this?
I can't - I have another HTTP capture, and if I do a "Follow TCP Stream"
on one of the conversations, selecting
XXX.XXX.XXX.XXX:XXXX --> YYY.YYY.YYY.YYY:80
does, in fact, show the requests from client to server.
> I think the fix is to change lines 488 & 495 in
> gtk/follow_dlg.c. Just swap the lines.
The code around line 488 is
    if (memcmp(client_addr, sc.src_addr, iplen) == 0 &&
        client_port == sc.src_port) {
        is_server = FALSE;
        global_pos = &global_client_pos;
        if (follow_info->show_stream == FROM_SERVER) {
            skip = TRUE;
        }
    }
The "if" tests whether the client address and port match the source
address and port, so if we're trying to see stuff from the server, we'd
presumably want to skip that part of the conversation, so the test on
line 488 for "follow_info->show_stream == FROM_SERVER" would appear to
be correct.
The reverse applies to the code around line 495, which is the code
that's executed if the client address and port don't match the source
address and port.
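
The direction test discussed in the message above, as an added example that is not part of the original message or of the project's source. The type names, the sample addresses, and the mirror branch standing in for the code around line 495 (which the message does not quote) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the dialog's types (assumptions for this example). */
typedef enum { FROM_CLIENT, FROM_SERVER, BOTH_HOSTS } show_stream_t;
typedef struct {
    uint8_t  src_addr[4];  /* source IPv4 address of the chunk */
    uint16_t src_port;     /* source port of the chunk */
} chunk_t;

/* True when a chunk must be hidden for the selected direction. */
bool skip_chunk(const uint8_t *client_addr, uint16_t client_port,
                const chunk_t *sc, show_stream_t show)
{
    bool from_client =
        memcmp(client_addr, sc->src_addr, sizeof sc->src_addr) == 0 &&
        client_port == sc->src_port;

    if (from_client)
        return show == FROM_SERVER;  /* the branch quoted in the message */
    return show == FROM_CLIENT;      /* assumed mirror of that branch */
}

/* Number of chunks displayed from a constructed five-chunk conversation. */
int count_shown(show_stream_t show)
{
    static const uint8_t client[4] = {192, 0, 2, 10};
    static const chunk_t stream[] = {
        {{192, 0, 2, 10},  40000},  /* request from the client endpoint */
        {{198, 51, 100, 5}, 80},    /* reply from the server */
        {{198, 51, 100, 5}, 80},
        {{192, 0, 2, 10},  40000},
        {{192, 0, 2, 10},  40001},  /* same host, other port: not the client */
    };
    int shown = 0;
    for (size_t i = 0; i < sizeof stream / sizeof stream[0]; i++)
        if (!skip_chunk(client, 40000, &stream[i], show))
            shown++;
    return shown;
}

int main(void)
{
    printf("client=%d server=%d both=%d\n", count_shown(FROM_CLIENT),
           count_shown(FROM_SERVER), count_shown(BOTH_HOSTS));
    return 0;
}
```

The last sample chunk shows that the comparison is on address and port together: traffic from the same host on a different port falls into the non-client branch.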