Re: Display filter for TCP reserved field

[Marco S. Zuppone <msz () msz eu>]

Hello,

thanks a lot for your reply! A curiosity:
have you, in your professional experience, ever found a traffic where the reserved field was not 0000 ??
I noticed that in WireShark 1.4 is possible to write a dissector with LUA...is this working well? Seems a great feature 
to me!
 Thanks a lot!! 
Regards,
Marco S. Zuppone
On 29 Sep 2010, at 17:37, Stephen Fisher wrote:

> On Wed, Sep 29, 2010 at 05:17:50PM +0100, Marco Simone Zuppone wrote:
>
> > I was wondering how is the best way (if any) to create a filter about 
> > the reserved ( 4 bits between bit 100 and 104 ) field of the TCP 
> > packet. The expression as tcp[n:y] == are interesting but n and y are 
> > expressed in byte and not in bit.
>
> I recently changed the TCP dissector to show the nonce flag and the 
> three reserved bits as separate filterable fields.  That change is only 
> in the development 1.5.x branch from SVN though.  If you want, you can 
> download the lastest automated release from 
> http://www.wireshark.org/download/automated/ and use the "tcp.flags.res" 
> field.
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe