On Wed, Sep 29, 2010 at 05:17:50PM +0100, Marco Simone Zuppone wrote:
> I was wondering what is the best way (if any) to create a filter on
> the reserved ( 4 bits between bit 100 and 104 ) field of the TCP
> packet. Expressions such as tcp[n:y] == are interesting but n and y are
> expressed in bytes and not in bits.

I recently changed the TCP dissector to show the nonce flag and the
three reserved bits as separate filterable fields. That change is only
in the development 1.5.x branch from SVN though. If you want, you can
download the latest automated release from
http://www.wireshark.org/download/automated/ and use the "tcp.flags.res"
field.
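
As an added example (not part of the original thread and not Wireshark code): the bits in question sit in the low nibble of byte 12 of the TCP header, so a byte-indexed test needs a bit mask on that byte. The function names and the sample headers below are constructed for illustration; the split into a nonce flag and three reserved bits follows the reply above.

```python
import struct

RES_MASK = 0x0E  # three reserved bits in byte 12 of the TCP header
NS_MASK = 0x01   # nonce flag, lowest bit of byte 12

def tcp_reserved_bits(tcp_header: bytes) -> dict:
    """Split byte 12 of a raw TCP header into its bit fields."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    byte12 = tcp_header[12]
    return {
        "data_offset": byte12 >> 4,        # header length in 32-bit words
        "reserved4": byte12 & 0x0F,        # the four bits asked about
        "res": (byte12 & RES_MASK) >> 1,   # three reserved bits
        "ns": byte12 & NS_MASK,            # nonce flag
    }

def build_header(low_nibble: int, flags: int = 0x02) -> bytes:
    """Constructed 20-byte TCP header with a chosen low nibble in byte 12."""
    return struct.pack("!HHIIBBHHH", 49152, 80, 1, 0,
                       (5 << 4) | (low_nibble & 0x0F), flags, 8192, 0, 0)

def nonzero_reserved(headers) -> list:
    """Indices of headers whose three reserved bits are not all zero."""
    return [i for i, h in enumerate(headers)
            if tcp_reserved_bits(h)["res"] != 0]

# Constructed sample headers: clean, nonce flag only, one reserved bit, all set.
SAMPLES = [build_header(n) for n in (0x0, 0x1, 0x8, 0xF)]

# The same test as a byte-indexed libpcap capture filter:
#   tcp[12] & 0x0f != 0    (all four bits)
#   tcp[12] & 0x0e != 0    (three reserved bits only)

if __name__ == "__main__":
    for i, h in enumerate(SAMPLES):
        print(i, tcp_reserved_bits(h))
    print("reserved bits set in:", nonzero_reserved(SAMPLES))
```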