Wireshark mailing list archives
Re: 1.7.1 bug? tcp.flags == 0x8c2
From: Christopher Maynard <Christopher.Maynard () gtech com>
Date: Fri, 10 Feb 2012 03:52:08 +0000 (UTC)
Lanell Allen <blanellallen@...> writes:
[SYN, ECN, CWR] The "tcp.flags == 0x8c2" filter crashes on v. 1.7. Stays "pink" with the error message "invalid filter" / "too big", etc. Works fine on 1.6.1 and 1.6.4Lanell Allen, WCNA
Well first off, that filter is incorrect if you're trying to match packets with only the SYN, ECN and CWR bits set. The only way it would work is if the high-order bit of the 3-bit reserved field also happens to be set, which I doubt. In your case, I think the proper filter should be: "tcp.flags == 0x0c2". That aside, since the nonce and reserved bits were added to the TCP flags in r34084, the tcp.flags field now encompasses 12-bits instead of only 8-bits as it did previously. Because of this the field type should have been changed from an FT_UINT8 to an FT_UINT16 in order to be able to specify all the values in its new range. I checked in a fix to that problem in r40949 and scheduled it (along with r37856) to be back-ported to 1.6.6 and 1.4.12. - Chris ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- 1.7.1 bug? tcp.flags == 0x8c2 Lanell Allen (Feb 09)
- Re: 1.7.1 bug? tcp.flags == 0x8c2 Christopher Maynard (Feb 09)