Re: bitwise operating gives syntax error. + displaying a slice.

[Marilo <narium85-mlscar () yahoo co uk>]

I know that some number AND 0  would give 0..

My issue is that it gives a Syntax error! 

0 could be FF, my point is the syntax error.

I want to run the expression without getting a syntax error.

See the example, it reads from a file (i.e. i'm looking at doing a display filter)  


C:\sdf>tshark -r asdf2 "ip[0]&ff==45"
tshark: Syntax error.



--- On Mon, 9/4/12, Jaap Keuter  wrote:

> From: Jaap Keuter 
> Subject: Re: [Wireshark-users] bitwise operating gives syntax error. + displaying a slice.
> To: list
> Date: Monday, 9 April, 2012, 16:50
> Hi,
>
> Are you trying capture or display filters here?
>
> The capture file expression part "ip[0] & 0" would
> always yield 0.
>
> Thanks,
> Jaap
>
> On 04/08/2012 05:37 PM, Marilo wrote:
> > I am having trouble trying to get the bitwise operator
> to function here without a syntax error
> > This works
> >
> > C:\sdf>tshark -r asdf2 "ip[0]==45"
> >
> > but when I put a bitwise AND in there, I get a syntax
> error
> > C:\sdf>tshark -r asdf2 "ip[0]&0==45"
> > tshark: Syntax error.
> >     Note: That display filter code looks like
> a valid capture filter;
> >           maybe you mixed them
> up?
> > C:\sdf>
> >
> >
> > Also where in the manual does it speak about this?
> >
> > And it'd be really useful in debugging a filter, if I
> could display, say, ip[0] or  ip[0]<<2
> > Is that possible and is it possible to only display
> ip[0] or tcp[12] or whatever slice, of a packet?
> >
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe