Wireshark mailing list archives

Display Filter frame - how do that work?

From: Jürgen Dietl <juergen.dietl () googlemail com>
Date: Wed, 15 Dec 2010 15:04:50 +0100

Hello,

today I made a trace and I wanted to see all the DHCPNAK.

For this I found a filter:

frame[282:3] == 35:01:06

It works perfect. But my question is how is this filter defined.

For example frame[282:3] == 35:01:02 would be DHCPOFFER.

So {282:3] must be then DHCP. But how is that defined? Is that an offset?
some bit? just a fix list?

and what is 35:01:06.


Any help would be greatly appreciated.

thanx a lot and have a nice day,

cheers,
Juergen

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Display Filter frame - how do that work? Jürgen Dietl (Dec 15)
- Re: Display Filter frame - how do that work? Marco Simone Zuppone (Dec 15)
- Re: Display Filter frame - how do that work? Jaap Keuter (Dec 15)