Wireshark mailing list archives
Re: Display filter for TCP reserved field
From: Stephen Fisher <steve () stephen-fisher com>
Date: Wed, 29 Sep 2010 10:37:06 -0600
On Wed, Sep 29, 2010 at 05:17:50PM +0100, Marco Simone Zuppone wrote:
I was wondering how is the best way (if any) to create a filter about the reserved ( 4 bits between bit 100 and 104 ) field of the TCP packet. The expression as tcp[n:y] == are interesting but n and y are expressed in byte and not in bit.
I recently changed the TCP dissector to show the nonce flag and the three reserved bits as separate filterable fields. That change is only in the development 1.5.x branch from SVN though. If you want, you can download the lastest automated release from http://www.wireshark.org/download/automated/ and use the "tcp.flags.res" field. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Display filter for TCP reserved field Marco Simone Zuppone (Sep 29)
- Re: Display filter for TCP reserved field Stephen Fisher (Sep 29)
- Re: Display filter for TCP reserved field Marco S . Zuppone (Sep 29)
- Re: Display filter for TCP reserved field Stephen Fisher (Sep 29)
- Re: Display filter for TCP reserved field Marco S . Zuppone (Sep 29)
- Re: Display filter for TCP reserved field Stephen Fisher (Sep 29)