On Wed, Sep 08, 2010 at 02:37:58PM +0100, Scheffenegger, Richard wrote:
> I have here a trace with the RFC3540 ECN Nounce. That (valid) TCP Flag
> is one of the lower 4 bits where the TCP options length is also
> stored; however, Wireshare doesn't seem to decode the full 12-bit TCP
> Flags field properly - only the lower 8 bits are shown.
>
> Does anyone know how to fix this, so that the full 12 bit field is
> decoded (3 reserved bits, ECN, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN
> )?
Thanks for bringing this up. This caught my interest, so I committed a
change to the source code to expand the flags coverage to the whole 12
bits. It's in SVN revision 34084 and will be in the next release with
new features (not 1.4.x as those are only fixes). In the mean time, you
can download an automated build from
http://www.wireshark.org/download/automated/ within a few hours (just
look for a filename containing the number 34084 or higher).