Hello,
thanks a lot for your reply! A curiosity:
have you, in your professional experience, ever found traffic where the reserved field was not 0000?
I noticed that in Wireshark 1.4 it is possible to write a dissector with Lua... is this working well? Seems a great feature to me!
Thanks a lot!!
Regards,
Marco S. Zuppone
On 29 Sep 2010, at 17:37, Stephen Fisher wrote:
> On Wed, Sep 29, 2010 at 05:17:50PM +0100, Marco Simone Zuppone wrote:
>
>> I was wondering what is the best way (if any) to create a filter on
>> the reserved (4 bits between bit 100 and 104) field of the TCP
>> packet. Expressions such as tcp[n:y] == are interesting, but n and y are
>> expressed in bytes and not in bits.
>
> I recently changed the TCP dissector to show the nonce flag and the
> three reserved bits as separate filterable fields. That change is only
> in the development 1.5.x branch from SVN though. If you want, you can
> download the latest automated release from
> http://www.wireshark.org/download/automated/ and use the "tcp.flags.res"
> field.
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
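
Added example, not part of the original messages and not Wireshark code: the bits discussed above (100 to 103) are the low nibble of TCP header byte 12, so a byte-granular slice can still reach them with a bit mask. The function names and the sample headers below are constructed for illustration.

```python
import struct

# TCP header byte 12 covers bits 96-103 (bit 0 = first bit on the wire):
#   bits 96-99   data offset (high nibble)
#   bits 100-102 the three reserved bits   -> mask 0x0E
#   bit  103     nonce (NS) flag, RFC 3540 -> mask 0x01
RESERVED_MASK = 0x0E
NS_MASK = 0x01

# Same test as a libpcap capture filter, which also indexes by byte:
#   tcp[12] & 0x0e != 0


def reserved_bits(tcp_header: bytes) -> dict:
    """Decode byte 12 of a raw TCP header into its bit-level fields."""
    if len(tcp_header) < 20:
        raise ValueError("a TCP header is at least 20 bytes long")
    b12 = tcp_header[12]
    return {
        "data_offset": b12 >> 4,                  # header length in 32-bit words
        "reserved": (b12 & RESERVED_MASK) >> 1,   # 0..7, expected to be 0
        "ns": b12 & NS_MASK,                      # 0 or 1
    }


def build_header(low_nibble: int, flags: int = 0x02) -> bytes:
    """Constructed 20-byte TCP header (SYN by default) with a chosen low nibble."""
    byte12 = (5 << 4) | (low_nibble & 0x0F)       # data offset 5 = no options
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, byte12, flags, 8192, 0, 0)


def nonzero_reserved(headers) -> list:
    """Indexes of the headers whose three reserved bits are not all zero."""
    return [i for i, h in enumerate(headers) if reserved_bits(h)["reserved"]]


# Constructed samples: clean, NS only, one reserved bit set, whole nibble set.
SAMPLES = [build_header(n) for n in (0x0, 0x1, 0x8, 0xF)]

if __name__ == "__main__":
    for i, hdr in enumerate(SAMPLES):
        print(i, reserved_bits(hdr))
    print("non-zero reserved bits in samples:", nonzero_reserved(SAMPLES))
```
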