Wireshark mailing list archives

Re: Dissecting a field that has non-octet bit boundaries


From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Fri, 23 Jan 2015 16:30:04 -0800

On Fri, Jan 23, 2015 at 12:40 AM, Anders Broman
<anders.broman () ericsson com> wrote:
Hi,
You can also use proto_add_bits_item()

OK, thanks everyone.

Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of yannick omnes
Sent: 23 January 2015 08:46
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissecting a field that has non-octet bit boundaries

Hi Richard,

I had the same problem recently, that I solved using a bitmask in one of the register_info fields. It looked like that:

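{
    &hf_protocol_id,
    {
        "ID", "protocol.id",        /* name, filter abbreviation */
        FT_UINT8, BASE_DEC_HEX,     /* field type, display base */
        NULL, 0x1,                  /* value strings, bitmask */
        NULL, HFILL                 /* blurb */
    },
}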

This should display only the first bit of a byte.

Hope that helps,

Regards

Yannick


On 23/01/2015 05:46, Richard Sharpe wrote:
Hi Folks,

I am trying to dissect MS-RSVD further since I have a capture of some
of that funky SCSI tunneled over SMB2/3.

Anyway, they have a 4-byte header that consists of:

1 byte:  Protocol ID
12 bits: Protocol Version
12 bits: Operation Code

How do I deal with this? It does not seem like proto_tree_add_bitmask
is the correct thing.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)
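
Added example (not part of the thread and not Wireshark code): a stand-alone C sketch of the 8/12/12-bit split asked about in the original question, using the bit offsets 0, 8 and 20 and widths 8, 12 and 12 that a bit-granular field call would be given. It assumes bits are numbered from the most significant bit of the first octet; `struct rsvd_hdr`, `get_bits` and `parse_rsvd_hdr` are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container for the three fields listed in the question. */
struct rsvd_hdr {
    uint8_t  protocol_id;  /* bits  0..7  */
    uint16_t version;      /* bits  8..19 */
    uint16_t opcode;       /* bits 20..31 */
};

/* Read nbits (1..32) starting at bit_offset, where bit 0 is the most
 * significant bit of buf[0] (assumed bit order). Returns 0 on success,
 * -1 if the field would run past the end of the buffer. */
static int get_bits(const uint8_t *buf, size_t len, size_t bit_offset,
                    unsigned nbits, uint32_t *out)
{
    uint32_t v = 0;
    if (nbits == 0 || nbits > 32 || (bit_offset + nbits + 7) / 8 > len)
        return -1;
    for (unsigned i = 0; i < nbits; i++, bit_offset++)
        v = (v << 1) | ((buf[bit_offset / 8] >> (7 - bit_offset % 8)) & 1u);
    *out = v;
    return 0;
}

/* Parse the 4-byte header; refuses truncated input instead of over-reading. */
static int parse_rsvd_hdr(const uint8_t *buf, size_t len, struct rsvd_hdr *h)
{
    uint32_t id, ver, op;
    if (get_bits(buf, len, 0, 8, &id) || get_bits(buf, len, 8, 12, &ver) ||
        get_bits(buf, len, 20, 12, &op))
        return -1;
    h->protocol_id = (uint8_t)id;
    h->version = (uint16_t)ver;
    h->opcode = (uint16_t)op;
    return 0;
}

int main(void)
{
    const uint8_t pkt[] = { 0x02, 0x00, 0x11, 0x23 };  /* constructed sample */
    struct rsvd_hdr h;
    if (parse_rsvd_hdr(pkt, sizeof pkt, &h) != 0)
        return 1;
    printf("id=0x%02x version=0x%03x opcode=0x%03x\n",
           h.protocol_id, h.version, h.opcode);
    return 0;
}
```

The length check in `get_bits` is the part that matters when the header comes from an untrusted capture: a field that straddles the end of the data is rejected rather than read.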
